[Mdaemon-L] Spam - Your Email Will Be Blocked

2023-07-12 Thread Syafril Hermansyah via Mdaemon-L
On 12 July 2023 07.12.56 GMT+03:00, Dedet Saputra via Mdaemon-L wrote:


>Today we have received many abnormal emails like the one below; please 
>help with how to keep them from coming in again.
>Log:
>
 <-- EHLO pmg01.cergis.net.id
>Wed 2023-07-12 05:18:54.969: [73667072] --> 250-mailhub.kobexindo.com Hello 
>pmg01.cergis.net.id [121.58.190.112], pleased to meet you

>Wed 2023-07-12 05:18:54.998: [73667072] <-- MAIL 
>FROM: SIZE=15824 BODY=8BITMIME

Add the sender address/domain to the antispam blocklist.

http://mdaemon.dutaint.co.id/mdaemon/23.0.1/sf_black_list.html

-- 
syafril
--
Syafril Hermansyah

Sent from my Android device using K-9 Mail.

--
--[mdaemon-l]--
This list is for discussion among MDaemon Mail Server users in Indonesia

Netiquette: https://wiki.openstack.org/wiki/MailingListEtiquette
Archive: http://mdaemon-l.dutaint.com
Documentation: http://mdaemon.dutaint.co.id
Subscribe: Send mail to mdaemon-l-subscr...@dutaint.com
Unsubscribe: Send mail to mdaemon-l-unsubscr...@dutaint.com
Latest version: MDaemon 23.0.2, SecurityGateway 9.0.2
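
The session quoted in this thread passes SPF for the sender domain and all three DNS-BL zones, so those checks alone will not stop it. The following added Python example (not part of the original posts and not MDaemon code) groups such a log by session ID and lists the envelope senders that passed both checks; the sample log is constructed in the layout quoted above, and the function names are this example's own.

```python
import re

# Constructed sample in the layout of the log quoted in this thread
# (documentation addresses; long entries wrapped as the archive wraps them).
SAMPLE_LOG = """\
Wed 2023-07-12 05:18:54.964: [73667072] Accepting SMTP connection from
192.0.2.112:42750 to 10.10.10.85:25
Wed 2023-07-12 05:18:54.969: [73667072] <-- EHLO relay.example.net
Wed 2023-07-12 05:18:54.998: [73667072] <-- MAIL
FROM:<promo@bulk.example.org> SIZE=15824 BODY=8BITMIME
Wed 2023-07-12 05:18:55.035: [73667072] Performing SPF lookup
(relay.example.net / 192.0.2.112)
Wed 2023-07-12 05:18:55.088: [73667072] * Result: none; no SPF record in DNS
Wed 2023-07-12 05:18:55.088: [73667072]  End SPF results
Wed 2023-07-12 05:18:55.088: [73667072] Performing SPF lookup
(bulk.example.org / 192.0.2.112)
Wed 2023-07-12 05:18:55.090: [73667073] Accepting SMTP connection from
198.51.100.7:51515 to 10.10.10.85:25
Wed 2023-07-12 05:18:55.101: [73667072] * Evaluating
ip4:192.0.2.0/24: match
Wed 2023-07-12 05:18:55.101: [73667072] * Result: pass
Wed 2023-07-12 05:18:55.101: [73667072]  End SPF results
Wed 2023-07-12 05:18:55.120: [73667073] <-- MAIL FROM:<news@shop.example.com>
Wed 2023-07-12 05:18:55.130: [73667073] Performing SPF lookup
(shop.example.com / 198.51.100.7)
Wed 2023-07-12 05:18:55.142: [73667072] Performing DNS-BL lookup
(192.0.2.112 - connecting IP)
Wed 2023-07-12 05:18:55.146: [73667072] * cbl.abuseat.org - passed
Wed 2023-07-12 05:18:55.150: [73667073] * Result: none; no SPF record in DNS
Wed 2023-07-12 05:18:55.170: [73667072] * zen.spamhaus.org - passed
Wed 2023-07-12 05:18:55.170: [73667072]  End DNS-BL results
"""

ENTRY = re.compile(r"^[A-Z][a-z]{2} \d{4}-\d{2}-\d{2} [\d:.]+: \[(\d+)\]\s*(.*)$")
CONNECT = re.compile(r"Accepting SMTP connection from ([\d.]+):\d+ to")  # IPv4 only
HELO = re.compile(r"<-- (?:EHLO|HELO) (\S+)")
MAIL_FROM = re.compile(r"<-- MAIL FROM:\s*<([^>]*)>")
SPF_START = re.compile(r"Performing SPF lookup \((\S+) / \S+\)")
RESULT = re.compile(r"\*\s*Result: (\w+)")
DNSBL_LINE = re.compile(r"\*\s*(\S+) - (\w+)")


def unwrap(log_text):
    """Re-join wrapped entries; return a list of (session_id, message)."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY.match(line)
        if m:
            entries.append([m.group(1), m.group(2).strip()])
        elif entries:  # no timestamp: continuation of the previous entry
            entries[-1][1] += " " + line
    return [(sid, msg) for sid, msg in entries]


def summarise(log_text):
    """Collect connecting IP, HELO, envelope sender, SPF and DNS-BL per session."""
    sessions, pending_spf, in_dnsbl = {}, {}, set()
    for sid, msg in unwrap(log_text):
        s = sessions.setdefault(
            sid, {"ip": None, "helo": None, "mail_from": None, "spf": {}, "dnsbl": {}})
        if (m := CONNECT.search(msg)):
            s["ip"] = m.group(1)
        elif (m := HELO.search(msg)):
            s["helo"] = m.group(1)
        elif (m := MAIL_FROM.search(msg)):
            s["mail_from"] = m.group(1)
        elif (m := SPF_START.search(msg)):
            pending_spf[sid] = m.group(1).lower()
        elif msg.startswith("End SPF results"):
            pending_spf.pop(sid, None)
        elif (m := RESULT.match(msg)) and sid in pending_spf:
            s["spf"][pending_spf.pop(sid)] = m.group(1)  # ignores DKIM "Result:" lines
        elif msg.startswith("Performing DNS-BL lookup"):
            in_dnsbl.add(sid)
        elif msg.startswith("End DNS-BL results"):
            in_dnsbl.discard(sid)
        elif sid in in_dnsbl and (m := DNSBL_LINE.match(msg)):
            s["dnsbl"][m.group(1)] = m.group(2)
    return sessions


def not_stopped_by_reputation(sessions):
    """Sessions whose sender domain passed SPF and every queried DNS-BL zone."""
    hits = []
    for sid, s in sessions.items():
        if not s["mail_from"]:
            continue
        domain = s["mail_from"].rpartition("@")[2].lower()
        if (s["spf"].get(domain) == "pass" and s["dnsbl"]
                and all(v == "passed" for v in s["dnsbl"].values())):
            hits.append((sid, s["ip"], s["mail_from"]))
    return hits


if __name__ == "__main__":
    for sid, ip, sender in not_stopped_by_reputation(summarise(SAMPLE_LOG)):
        print(f"session {sid}: {sender} from {ip} passed SPF and DNS-BL")
```
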




[Mdaemon-L] Spam - Your Email Will Be Blocked

2023-07-11 Thread Dedet Saputra via Mdaemon-L

Dear Pak Syafril,

Today we have received many abnormal emails like the one below; please 
help with how to keep them from coming in again.

Log:

Wed 2023-07-12 05:18:54.964: [73667072] Session 73667072; child 0001
Wed 2023-07-12 05:18:54.964: [73667072] Accepting SMTP connection from 
121.58.190.112:42750 to 10.10.10.85:25
Wed 2023-07-12 05:18:54.964: [73667072] Location Screen says connection 
is from Indonesia, Asia
Wed 2023-07-12 05:18:54.965: [73667072] --> 220 mailhub.kobexindo.com 
ESMTP MDaemon 23.0.2; Wed, 12 Jul 2023 05:18:54 +0700

Wed 2023-07-12 05:18:54.969: [73667072] <-- EHLO pmg01.cergis.net.id
Wed 2023-07-12 05:18:54.969: [73667072] --> 250-mailhub.kobexindo.com 
Hello pmg01.cergis.net.id [121.58.190.112], pleased to meet you

Wed 2023-07-12 05:18:54.969: [73667072] --> 250-ETRN
Wed 2023-07-12 05:18:54.969: [73667072] --> 250-AUTH LOGIN CRAM-MD5 PLAIN
Wed 2023-07-12 05:18:54.969: [73667072] --> 250-8BITMIME
Wed 2023-07-12 05:18:54.969: [73667072] --> 250-ENHANCEDSTATUSCODES
Wed 2023-07-12 05:18:54.969: [73667072] --> 250-PIPELINING
Wed 2023-07-12 05:18:54.969: [73667072] --> 250-CHUNKING
Wed 2023-07-12 05:18:54.969: [73667072] --> 250-STARTTLS
Wed 2023-07-12 05:18:54.969: [73667072] --> 250 SIZE 41697280
Wed 2023-07-12 05:18:54.972: [73667072] <-- STARTTLS
Wed 2023-07-12 05:18:54.972: [73667072] --> 220 2.7.0 Ready to start TLS
Wed 2023-07-12 05:18:54.981: [73667072] SSL negotiation successful (TLS 
1.3, TLS_AES_256_GCM_SHA384)

Wed 2023-07-12 05:18:54.994: [73667072] <-- EHLO pmg01.cergis.net.id
Wed 2023-07-12 05:18:54.994: [73667072] --> 250-mailhub.kobexindo.com 
Hello pmg01.cergis.net.id [121.58.190.112], pleased to meet you

Wed 2023-07-12 05:18:54.994: [73667072] --> 250-ETRN
Wed 2023-07-12 05:18:54.994: [73667072] --> 250-AUTH LOGIN CRAM-MD5 PLAIN
Wed 2023-07-12 05:18:54.994: [73667072] --> 250-8BITMIME
Wed 2023-07-12 05:18:54.994: [73667072] --> 250-ENHANCEDSTATUSCODES
Wed 2023-07-12 05:18:54.994: [73667072] --> 250-PIPELINING
Wed 2023-07-12 05:18:54.994: [73667072] --> 250-CHUNKING
Wed 2023-07-12 05:18:54.994: [73667072] --> 250-REQUIRETLS
Wed 2023-07-12 05:18:54.994: [73667072] --> 250 SIZE 41697280
Wed 2023-07-12 05:18:54.998: [73667072] <-- MAIL 
FROM: SIZE=15824 BODY=8BITMIME
Wed 2023-07-12 05:18:55.002: [73667072] Performing PTR lookup 
(112.190.58.121.IN-ADDR.ARPA)
Wed 2023-07-12 05:18:55.007: [73667072] * D=112.190.58.121.IN-ADDR.ARPA 
TTL=(202) PTR=[pmg01.cergis.net.id]
Wed 2023-07-12 05:18:55.011: [73667072] * D=pmg01.cergis.net.id TTL=(41) 
A=[121.58.190.112]

Wed 2023-07-12 05:18:55.011: [73667072]  End PTR results
Wed 2023-07-12 05:18:55.012: [73667072] Performing IP lookup 
(pmg01.cergis.net.id)
Wed 2023-07-12 05:18:55.017: [73667072] * D=pmg01.cergis.net.id TTL=(41) 
A=[121.58.190.112]

Wed 2023-07-12 05:18:55.017: [73667072]  End IP lookup results
Wed 2023-07-12 05:18:55.020: [73667072] Performing IP lookup 
(citradermagaperkasa.com)
Wed 2023-07-12 05:18:55.024: [73667072] * D=citradermagaperkasa.com 
TTL=(168) A=[54.39.70.216]
Wed 2023-07-12 05:18:55.028: [73667072] * P=000 S=000 
D=citradermagaperkasa.com TTL=(4) MX=[mail.citradermagaperkasa.com] 
{122.129.118.104}

Wed 2023-07-12 05:18:55.028: [73667072]  End IP lookup results
Wed 2023-07-12 05:18:55.035: [73667072] Performing SPF lookup 
(pmg01.cergis.net.id / 121.58.190.112)

Wed 2023-07-12 05:18:55.088: [73667072] * Result: none; no SPF record in DNS
Wed 2023-07-12 05:18:55.088: [73667072]  End SPF results
Wed 2023-07-12 05:18:55.088: [73667072] Performing SPF lookup 
(citradermagaperkasa.com / 121.58.190.112)
Wed 2023-07-12 05:18:55.088: [73667072] * Policy (cache): v=spf1 a mx 
ip4:122.129.117.0/24 ip4:121.58.190.0/24 ip4:122.129.118.0/24 
a:mg01.cergis.net.id 
~allgoogle-site-verification=r-nA4nuXdIRSD81F3tDe2016iCE2k_gwbHsF-nfdv4g

Wed 2023-07-12 05:18:55.093: [73667072] * Evaluating a: no match
Wed 2023-07-12 05:18:55.100: [73667072] * Evaluating mx: no match
Wed 2023-07-12 05:18:55.100: [73667072] * Evaluating 
ip4:122.129.117.0/24: no match
Wed 2023-07-12 05:18:55.101: [73667072] * Evaluating 
ip4:121.58.190.0/24: match

Wed 2023-07-12 05:18:55.101: [73667072] * Result: pass
Wed 2023-07-12 05:18:55.101: [73667072]  End SPF results
Wed 2023-07-12 05:18:55.101: [73667072] --> 250 2.1.0 Sender OK
Wed 2023-07-12 05:18:55.101: [73667072] <-- RCPT 
TO:
Wed 2023-07-12 05:18:55.142: [73667072] Performing DNS-BL lookup 
(121.58.190.112 - connecting IP)

Wed 2023-07-12 05:18:55.146: [73667072] * cbl.abuseat.org - passed
Wed 2023-07-12 05:18:55.150: [73667072] * b.barracudacentral.org - passed
Wed 2023-07-12 05:18:55.170: [73667072] * zen.spamhaus.org - passed
Wed 2023-07-12 05:18:55.170: [73667072]  End DNS-BL results
Wed 2023-07-12 05:18:55.172: [73667072] --> 250 2.1.5 Recipient OK
Wed 2023-07-12 05:18:55.172: [73667072] <-- DATA
Wed 2023-07-12 05:18:55.201: [73667072] --> 354 Enter mail, end with 
.

Wed 2023-07-12 05:18:55.208: [73667072] Message size: 15824 bytes
Wed 2023-07-12 

[Mdaemon-L] Spam filter scan skipped - Email Not Received

2023-06-08 Thread Syafril Hermansyah via Mdaemon-L

On 6/8/23 15:11, Dedet Saputra via Mdaemon-L wrote:

Please help with the following LOG, the email was not received:




Mon 2023-06-05 20:28:47.570: [71797866] Socket error sending response to DATA
Mon 2023-06-05 20:28:47.571: [71797866] * Socket error 10060 - The connection 
timed out.



The sender timed out and dropped the connection before sending the mail data.
Normally (according to Internet mail regulations) the sender will retry sending.
But the *.outbound.protection.outlook.com servers generally run 
behind a firewall, so they are somewhat deaf and do not know that the 
mail delivery failed because of a TCP/IP connection problem.


Asking the original sender to resend the mail is the best advice.

--
syafril

Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 23.0.2 Beta D
Please do not cc: or send private mail about MDaemon issues.

A good scientist is a person with original ideas. A good engineer is a 
person who makes a design that works with as few original ideas as 
possible. There are no prima donnas in engineering.

--- Freeman Dyson



[Mdaemon-L] Spam filter scan skipped - Email Not Received

2023-06-08 Thread Dedet Saputra via Mdaemon-L

Dear Pak Syafril,

Please help with the following LOG, the email was not received:

Mon 2023-06-05 20:26:25.431: [71797866] Session 71797866; child 0001
Mon 2023-06-05 20:26:25.431: [71797866] Accepting SMTP connection from 
40.107.117.80:20138 to 10.10.10.85:25
Mon 2023-06-05 20:26:25.431: [71797866] Location Screen says connection 
is from Japan, Asia
Mon 2023-06-05 20:26:25.432: [71797866] --> 220 mailhub.kobexindo.com 
ESMTP MDaemon 23.0.1; Mon, 05 Jun 2023 20:26:25 +0700
Mon 2023-06-05 20:26:25.582: [71797866] <-- EHLO 
APC01-TYZ-obe.outbound.protection.outlook.com
Mon 2023-06-05 20:26:25.582: [71797866] --> 250-mailhub.kobexindo.com 
Hello APC01-TYZ-obe.outbound.protection.outlook.com [40.107.117.80], 
pleased to meet you

Mon 2023-06-05 20:26:25.582: [71797866] --> 250-ETRN
Mon 2023-06-05 20:26:25.582: [71797866] Location Screening hiding AUTH 
from country Japan, Asia

Mon 2023-06-05 20:26:25.582: [71797866] --> 250-8BITMIME
Mon 2023-06-05 20:26:25.582: [71797866] --> 250-ENHANCEDSTATUSCODES
Mon 2023-06-05 20:26:25.582: [71797866] --> 250-PIPELINING
Mon 2023-06-05 20:26:25.582: [71797866] --> 250-CHUNKING
Mon 2023-06-05 20:26:25.582: [71797866] --> 250-STARTTLS
Mon 2023-06-05 20:26:25.582: [71797866] --> 250 SIZE 41697280
Mon 2023-06-05 20:26:25.732: [71797866] <-- STARTTLS
Mon 2023-06-05 20:26:25.732: [71797866] --> 220 2.7.0 Ready to start TLS
Mon 2023-06-05 20:26:26.341: [71797866] SSL negotiation successful (TLS 
1.2, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384)
Mon 2023-06-05 20:26:26.493: [71797866] <-- EHLO 
APC01-TYZ-obe.outbound.protection.outlook.com
Mon 2023-06-05 20:26:26.493: [71797866] --> 250-mailhub.kobexindo.com 
Hello APC01-TYZ-obe.outbound.protection.outlook.com [40.107.117.80], 
pleased to meet you

Mon 2023-06-05 20:26:26.493: [71797866] --> 250-ETRN
Mon 2023-06-05 20:26:26.493: [71797866] Location Screening hiding AUTH 
from country Japan, Asia

Mon 2023-06-05 20:26:26.493: [71797866] --> 250-8BITMIME
Mon 2023-06-05 20:26:26.493: [71797866] --> 250-ENHANCEDSTATUSCODES
Mon 2023-06-05 20:26:26.493: [71797866] --> 250-PIPELINING
Mon 2023-06-05 20:26:26.493: [71797866] --> 250-CHUNKING
Mon 2023-06-05 20:26:26.493: [71797866] --> 250-REQUIRETLS
Mon 2023-06-05 20:26:26.493: [71797866] --> 250 SIZE 41697280
Mon 2023-06-05 20:26:26.674: [71797866] <-- MAIL 
FROM: SIZE=3310484
Mon 2023-06-05 20:26:26.680: [71797866] Performing PTR lookup 
(80.117.107.40.IN-ADDR.ARPA)
Mon 2023-06-05 20:26:26.698: [71797866] * D=80.117.107.40.IN-ADDR.ARPA 
TTL=(60) PTR=[mail-tyzapc01on2080.outbound.protection.outlook.com]
Mon 2023-06-05 20:26:26.749: [71797866] * 
D=mail-tyzapc01on2080.outbound.protection.outlook.com TTL=(5) 
A=[40.107.117.80]

Mon 2023-06-05 20:26:26.749: [71797866]  End PTR results
Mon 2023-06-05 20:26:26.749: [71797866] Performing IP lookup 
(APC01-TYZ-obe.outbound.protection.outlook.com)
Mon 2023-06-05 20:26:26.797: [71797866] * 
D=APC01-TYZ-obe.outbound.protection.outlook.com TTL=(5) A=[104.47.110.40]

Mon 2023-06-05 20:26:26.797: [71797866]  End IP lookup results
Mon 2023-06-05 20:26:26.802: [71797866] Performing IP lookup 
(bukitmakmur.com)
Mon 2023-06-05 20:26:26.814: [71797866] * D=bukitmakmur.com TTL=(60) 
A=[103.115.32.5]
Mon 2023-06-05 20:26:26.823: [71797866] * P=010 S=000 D=bukitmakmur.com 
TTL=(60) MX=[mx.bukitmakmur.com] {103.115.32.9}

Mon 2023-06-05 20:26:26.823: [71797866]  End IP lookup results
Mon 2023-06-05 20:26:26.829: [71797866] Performing SPF lookup 
(APC01-TYZ-obe.outbound.protection.outlook.com / 40.107.117.80)
Mon 2023-06-05 20:26:26.881: [71797866] * Policy: v=spf1 
include:spf.protection.outlook.com -all
Mon 2023-06-05 20:26:26.881: [71797866] * Evaluating 
include:spf.protection.outlook.com: performing lookup
Mon 2023-06-05 20:26:26.885: [71797866] * Policy: v=spf1 
ip4:40.92.0.0/15 ip4:40.107.0.0/16 ip4:52.100.0.0/14 ip4:104.47.0.0/17 
ip6:2a01:111:f400::/48 ip6:2a01:111:f403::/49 
ip6:2a01:111:f403:8000::/50 ip6:2a01:111:f403:c000::/51 
ip6:2a01:111:f403:f000::/52 -all
Mon 2023-06-05 20:26:26.885: [71797866] * Evaluating ip4:40.92.0.0/15: 
no match
Mon 2023-06-05 20:26:26.885: [71797866] * Evaluating ip4:40.107.0.0/16: 
match
Mon 2023-06-05 20:26:26.885: [71797866] * Evaluating 
include:spf.protection.outlook.com: match

Mon 2023-06-05 20:26:26.885: [71797866] * Result: pass
Mon 2023-06-05 20:26:26.885: [71797866]  End SPF results
Mon 2023-06-05 20:26:26.885: [71797866] Performing SPF lookup 
(bukitmakmur.com / 40.107.117.80)
Mon 2023-06-05 20:26:26.901: [71797866] * Policy: v=spf1 
ip4:103.115.32.0/24 include:spf.protection.outlook.com -all
Mon 2023-06-05 20:26:26.901: [71797866] * Evaluating 
ip4:103.115.32.0/24: no match
Mon 2023-06-05 20:26:26.901: [71797866] * Evaluating 
include:spf.protection.outlook.com: performing lookup
Mon 2023-06-05 20:26:26.901: [71797866] * Policy (cache): v=spf1 
ip4:40.92.0.0/15 ip4:40.107.0.0/16 ip4:52.100.0.0/14 ip4:104.47.0.0/17 
ip6:2a01:111:f400::/48 ip6:2a01:111:f403::/49 
ip6:2a01:111:f403:8000::/50 

[Mdaemon-L] Spam Filter Allow List not working

2022-11-07 Thread Syafril Hermansyah via Mdaemon-L

On 11/8/22 11:28, Edhi Fidiawan wrote:
Since 1 November 2022 our MDaemon server has treated many emails as 
spam that should not be.  We have tried adding them to "Spam 
Filter - Allow List", but it does not seem to have any effect; email from 
the senders in question is still treated as spam.  What should we do?



It should have an effect: it adds a negative spam score.
Please show the antispam log that shows the allow list not 
working.


If your users rarely check the IMAP spam folder, it is better to simply 
disable the IMAP spam folder.


http://mdaemon.dutaint.co.id/mdaemon/22.0/sf_options.html

[ ] Move spam into user's IMAP spam folder automatically

It also seems the spam filter has become too strict; almost everything 
is given a high spam score. How can it be set so that it is not 
too strict?



Indeed, the SpamAssassin used by Internet mail servers (including 
MDaemon) keeps raising its spam scoring, and its criteria keep 
growing as well.
This is in response to the surge of phishing spam such as ransomware over 
the last few months.


If you want to apply your own spam scoring, change the antispam settings as follows:

http://mdaemon.dutaint.co.id/mdaemon/22.0/sf_options.html

Is DNS service available? = No

Don't filter mail from...

[ ] trusted or authenticated sources

Don't filter messages larger than 256 KB

If it is still considered too strict, change the spam scores by 
editing the following file with Notepad


\\mdaemon\spamassassin\rules\80_MDaemon_scores.cf

and deactivate Outbreak Protection for spam with a lower value

http://mdaemon.dutaint.co.id/mdaemon/22.0/sp_outbreak_protection.html

Spam should be...
[x] accepted for filtering Score : 1.0


--
syafril

Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 22.5.0 Beta RC1
Please do not cc: or send private mail about MDaemon issues.

Study the past if you would define the future.
---  Confucius


[Mdaemon-L] Spam Filter Allow List not working

2022-11-07 Thread Edhi Fidiawan

Respectfully,

Since 1 November 2022 our MDaemon server has treated many emails as 
spam that should not be.  We have tried adding them to "Spam 
Filter - Allow List", but it does not seem to have any effect; email from 
the senders in question is still treated as spam.  What should we do?


It also seems the spam filter has become too strict; almost everything 
is given a high spam score. How can it be set so that it is not 
too strict?


Regards,

--
Edhi Fidiawan
edhi.fidia...@dayinmitra.com


[Mdaemon-L] Spam Filter Allow List File

2022-10-26 Thread Syafril Hermansyah via Mdaemon-L

On 10/27/22 10:15, Ivan Leonardo wrote:

Pak, which file is this allow list stored in?



\\mdaemon\spamassassin\rules\80_MDaemon_whitelistxxx.cf

--
syafril

Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 22.5.0 Beta RC1
Please do not cc: or send private mail about MDaemon issues.

The more that you read, the more things you will know. The more that you 
learn, the more places you'll go.

---  Dr. Seuss, I Can Read With My Eyes Shut!


[Mdaemon-L] Spam Filter Allow List File

2022-10-26 Thread Ivan Leonardo

Pak, which file is this allow list stored in?

Rgds,

[Mdaemon-L] Spam still gets through

2022-06-15 Thread Syafril Hermansyah via Mdaemon-L

On 15/06/22 11.07, zul wrote:

Spam email still gets through, please help check



Wed 2022-06-15 09:49:33.018: [01625243] Passing message through Outbreak 
Protection...
Wed 2022-06-15 09:49:33.018: [01625243] *  Message-ID: 

Wed 2022-06-15 09:49:33.019: [01625243] *  Reference-ID: 
str=0001.0A673444.62A948BE.0043,ss=4,re=0.000,recu=0.000,reip=0.000,vtr=str,vl=0,cl=4,cld=1,fgs=0
Wed 2022-06-15 09:49:33.019: [01625243] *  Virus result: 0 - Clean
Wed 2022-06-15 09:49:33.019: [01625243] *  Spam result: 4 - Spam (confirmed)
Wed 2022-06-15 09:49:33.019: [01625243] *  IWF result: 0 - Clean
Wed 2022-06-15 09:49:33.019: [01625243]  End Outbreak Protection results
Wed 2022-06-15 09:49:33.020: [01625243] Passing message through Spam Filter 
(Size: 90769)...
Wed 2022-06-15 09:49:38.068: [01625243] *  2.5 MDAEMON_OP_SPAM_HIGH MDaemon: 
spam/phish



Spam mail still gets in because the recommended changes have not been made yet.

https://www.mail-archive.com/mdaemon-l@dutaint.com/msg48410.html

--
syafril

Syafril Hermansyah

MDaemon-L Moderator, run MDaemon 22.0.1 Beta A
Please do not send private mail (or cc:) about MDaemon issues.

Our students and followers would teach us a thousand times more 
than our teachers, if only we could live long enough to 
witness their works

-- Paul Valery, 1871-1945


[Mdaemon-L] Spam still gets through

2022-06-14 Thread zul
Good morning


Spam email still gets through, please help check


Regards






Wed 2022-06-15 09:49:00.857: [01625243] Session 01625243; child 0003
Wed 2022-06-15 09:49:00.857: [01625243] Accepting SMTP connection from 
201.76.0.6:49435 to 202.47.68.6:25
Wed 2022-06-15 09:49:00.857: [01625243] Location Screen says connection is 
from Brazil, South America
Wed 2022-06-15 09:49:00.859: [01625243] --> 220 mail.indonakano.co.id ESMTP 
Wed, 15 Jun 2022 09:49:00 +0700
Wed 2022-06-15 09:49:01.233: [01625243] <-- EHLO mail.contato.net
Wed 2022-06-15 09:49:01.234: [01625243] --> 250-mail.indonakano.co.id Hello 
mail.contato.net [201.76.0.6], pleased to meet you
Wed 2022-06-15 09:49:01.234: [01625243] --> 250-ETRN
Wed 2022-06-15 09:49:01.234: [01625243] --> 250-8BITMIME
Wed 2022-06-15 09:49:01.234: [01625243] --> 250-ENHANCEDSTATUSCODES
Wed 2022-06-15 09:49:01.234: [01625243] --> 250-PIPELINING
Wed 2022-06-15 09:49:01.234: [01625243] --> 250-CHUNKING
Wed 2022-06-15 09:49:01.234: [01625243] --> 250-STARTTLS
Wed 2022-06-15 09:49:01.234: [01625243] --> 250 SIZE
Wed 2022-06-15 09:49:01.609: [01625243] <-- STARTTLS
Wed 2022-06-15 09:49:01.609: [01625243] --> 220 2.7.0 Ready to start TLS
Wed 2022-06-15 09:49:02.376: [01625243] SSL negotiation successful (TLS 1.2, 
256 bit key exchange, 256 bit AES encryption)
Wed 2022-06-15 09:49:02.750: [01625243] <-- EHLO mail.contato.net
Wed 2022-06-15 09:49:02.750: [01625243] --> 250-mail.indonakano.co.id Hello 
mail.contato.net [201.76.0.6], pleased to meet you
Wed 2022-06-15 09:49:02.750: [01625243] --> 250-ETRN
Wed 2022-06-15 09:49:02.750: [01625243] --> 250-8BITMIME
Wed 2022-06-15 09:49:02.750: [01625243] --> 250-ENHANCEDSTATUSCODES
Wed 2022-06-15 09:49:02.750: [01625243] --> 250-PIPELINING
Wed 2022-06-15 09:49:02.750: [01625243] --> 250-CHUNKING
Wed 2022-06-15 09:49:02.750: [01625243] --> 250-REQUIRETLS
Wed 2022-06-15 09:49:02.750: [01625243] --> 250 SIZE
Wed 2022-06-15 09:49:03.125: [01625243] <-- MAIL FROM:
Wed 2022-06-15 09:49:03.125: [01625243] Performing PTR lookup 
(6.0.76.201.IN-ADDR.ARPA)
Wed 2022-06-15 09:49:11.083: [01625243] *  D=6.0.76.201.IN-ADDR.ARPA 
TTL=(353) PTR=[mail2.contato.net]
Wed 2022-06-15 09:49:12.122: [01625243] *  D=mail2.contato.net TTL=(1440) 
A=[201.76.0.6]
Wed 2022-06-15 09:49:12.122: [01625243]  End PTR results
Wed 2022-06-15 09:49:12.125: [01625243] Performing IP lookup 
(mail.contato.net)
Wed 2022-06-15 09:49:13.163: [01625243] *  D=mail.contato.net TTL=(1440) 
A=[201.76.0.39]
Wed 2022-06-15 09:49:13.163: [01625243]  End IP lookup results
Wed 2022-06-15 09:49:13.163: [01625243] Performing IP lookup (contato.net)
Wed 2022-06-15 09:49:17.389: [01625243] *  D=contato.net TTL=(1440) 
A=[201.76.0.61]
Wed 2022-06-15 09:49:21.536: [01625243] *  P=005 S=001 D=contato.net 
TTL=(1440) MX=[mail.contato.net]
Wed 2022-06-15 09:49:21.536: [01625243] *  P=015 S=000 D=contato.net 
TTL=(1440) MX=[mail3.contato.net]
Wed 2022-06-15 09:49:21.539: [01625243] *  D=mail.contato.net TTL=(1440) 
A=[201.76.0.39]
Wed 2022-06-15 09:49:21.541: [01625243] *  D=mail3.contato.net TTL=(1440) 
A=[201.76.0.19]
Wed 2022-06-15 09:49:21.541: [01625243]  End IP lookup results
Wed 2022-06-15 09:49:21.542: [01625243] Performing SPF lookup 
(mail.contato.net / 201.76.0.6)
Wed 2022-06-15 09:49:23.339: [01625243] *  Result: none; no SPF record in 
DNS
Wed 2022-06-15 09:49:23.339: [01625243]  End SPF results
Wed 2022-06-15 09:49:23.339: [01625243] Performing SPF lookup (contato.net / 
201.76.0.6)
Wed 2022-06-15 09:49:30.421: [01625243] *  Policy: v=spf1 ip4:201.76.0.6 
ip4:201.76.0.12 ip4:201.76.0.4 ip4:201.76.0.19 ip4:201.76.8.3 
ip4:201.76.0.20 ip4:201.76.0.30 ip4:201.76.0.39 a mx ip4:201.76.0.43 
ip4:201.76.0.46 -all
Wed 2022-06-15 09:49:30.421: [01625243] *  Evaluating ip4:201.76.0.6: match
Wed 2022-06-15 09:49:30.421: [01625243] *  Result: pass
Wed 2022-06-15 09:49:30.421: [01625243]  End SPF results
Wed 2022-06-15 09:49:30.421: [01625243] --> 250 2.1.0 Sender OK
Wed 2022-06-15 09:49:30.810: [01625243] <-- RCPT TO:
Wed 2022-06-15 09:49:30.886: [01625243] --> 250 2.1.5 Recipient OK
Wed 2022-06-15 09:49:31.260: [01625243] <-- DATA
Wed 2022-06-15 09:49:31.262: [01625243] --> 354 Enter mail, end with 
.
Wed 2022-06-15 09:49:32.767: [01625243] Message size: 90769 bytes
Wed 2022-06-15 09:49:32.768: [01625243] Performing DKIM verification
Wed 2022-06-15 09:49:32.768: [01625243] *  File: 
c:\mdaemon\queues\temp\md500143332.tmp
Wed 2022-06-15 09:49:32.768: [01625243] *  Message-ID: 

Wed 2022-06-15 09:49:32.773: [01625243] * DKIM-Signature 1: v=1; a=rsa-sha1; 
c=relaxed/relaxed; d=contato.net; s=default; x=1655865656; 
Wed 2022-06-15 09:49:32.773: [01625243] *Verification result: good 
signature
Wed 2022-06-15 09:49:32.774: [01625243] *  Result: pass
Wed 2022-06-15 09:49:32.774: [01625243]  End DKIM results
Wed 2022-06-15 09:49:32.777: [01625243] Passing message through AntiVirus 
(Size: 90769)...
Wed 2022-06-15 09:49:32.835: [01625243] *  Message is clean (no 

[Mdaemon-L] SPAM Issue

2022-03-01 Thread Slamet Raharjo via Mdaemon-L
> https://www.mail-archive.com/mdaemon-l@dutaint.com/msg47239.html
> https://www.mail-archive.com/mdaemon-l@dutaint.com/msg47240.html

Noted Pak, thank you for the enlightenment.

Best Regards,

Slamet Raharjo
IT Dept.


[Mdaemon-L] SPAM Issue

2022-03-01 Thread Syafril Hermansyah via Mdaemon-L

On 02/03/22 08.36, Slamet Raharjo via Mdaemon-L wrote:

To reduce incoming SPAM like the attached, what can I tune in 
MDaemon? Here are the Internet headers:




X-Spam-Report:
* -4.0 BAYES_00 BODY: Bayes spam probability is 0 to 1%
*  [score: 0.]
*  4.9 MDAEMON_OP_SPAM_HIGH MDaemon: spam/phish



Reset the Bayesian database tokens by deleting the contents of the folder 
\\mdaemon\spamassassin\bayes, then restart the Spam Filter


http://mdaemon.dutaint.co.id/mdaemon/21.5.0/sf_spam_filtering.html


Readjust the Outbreak Protection value for spam; raise the value.

http://mdaemon.dutaint.co.id/mdaemon/21.5.0/sp_outbreak_protection.html

Spam should be...

[x] accepted for filtering  Score: 9.5

The full details can be seen here


https://www.mail-archive.com/mdaemon-l@dutaint.com/msg47239.html
https://www.mail-archive.com/mdaemon-l@dutaint.com/msg47240.html


--
syafril

Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 21.5.2 64 bit
Please do not cc: or send private mail about MDaemon issues.

Wisdom comes not from age, but from education and learning.
--- Anton Chekhov


[Mdaemon-L] Spam

2022-02-15 Thread Syafril Hermansyah via Mdaemon-L

On 16/02/22 09.16, zain.adriansyah via Mdaemon-L wrote:

Please help take a look at this LOG,



That is not a log, but the message source.


it seems this is SPAM that came into our account
sylvana.hara...@kisi-am.co.id


For Location Screening, I had previously ticked the country Spain



That spam was addressed to the domain @kisi-am.co.id; the sender is not from the local 
domain @kisi-am.co.id, which means it is not a case of Account Hijacking, so 
it is unrelated to Location Screening.



From: "'Rahadi Prabowo Singgih'" 
To: sylvana.hara...@kisi-am.co.id



This spam targets recipients who use the Microsoft mail family 
(Windows Mail, Office Outlook, Windows Live, etc.), which does not display 
the email address part, only the Display Name.

So that recipients are not fooled, enable From Header Screening

http://mdaemon.dutaint.co.id/mdaemon/21.5.0/screening_from-header-screening.html

[x] Add email address to display-name

[x] Do not apply these features to authenticated messages


While you are at it, also enable "External Message Warning"

http://mdaemon.dutaint.co.id/mdaemon/21.5.0/cf_content_filter_editor.html

[x] External Message Warning


The spam was not detected because Outbreak Protection (the antispam component of 
MDAV) is not active.


http://mdaemon.dutaint.co.id/mdaemon/21.5.0/sp_outbreak_protection.html

See the complete antispam settings here

https://www.mail-archive.com/mdaemon-l@dutaint.com/msg47239.html
https://www.mail-archive.com/mdaemon-l@dutaint.com/msg47240.html

--
syafril

Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 21.5.2 64 bit
Please do not cc: or send private mail about MDaemon issues.

The only thing that stands between you and your dream is the will to try 
and the belief that it is actually possible.

---  Joel Brown
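
What the "Add email address to display-name" and "External Message Warning" settings recommended in this reply protect against, as an added Python example (not part of the original post, not MDaemon code, and not MDaemon's exact output format). The sample addresses, the `local_domains` set, the `name (address)` layout and the function names are assumptions of this example.

```python
import re
from email.header import Header, decode_header, make_header
from email.utils import formataddr, parseaddr

ADDR_IN_TEXT = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")

# Constructed samples: a quoted display name in the style of the message in
# this thread, and an RFC 2047 encoded display name that itself looks like an
# internal address.
PLAIN_SAMPLE = "\"'Example Colleague'\" <sender@mailer.example>"
SPOOFED_SAMPLE = f"{Header('billing@corp.example', 'utf-8').encode()} <x@mailer.example>"


def split_from(raw_from):
    """Return (decoded display name, lower-cased address) of a From value."""
    name, addr = parseaddr(raw_from)
    if name:
        name = str(make_header(decode_header(name)))  # undo RFC 2047 encoding
    return name.strip().strip("'\"").strip(), addr.lower()


def shown_to_recipient(raw_from):
    """What a client that renders only the display name puts on screen."""
    name, addr = split_from(raw_from)
    return name or addr


def screen_from_header(raw_from, local_domains, authenticated=False):
    """Return (rewritten From value, findings) for one header value."""
    if authenticated:
        # Same idea as "Do not apply these features to authenticated messages".
        return raw_from, []
    name, addr = split_from(raw_from)
    if not addr:
        return raw_from, ["unparseable From header"]
    findings = []
    if addr.rpartition("@")[2] not in local_domains:
        findings.append("external sender")
    embedded = [a.lower() for a in ADDR_IN_TEXT.findall(name)]
    if any(a != addr for a in embedded):
        findings.append("display name shows a different address")
    if not name:
        return raw_from, findings  # no display name hides the address
    if addr not in embedded:
        name = f"{name} ({addr})"  # make the real address visible
    return formataddr((name, addr)), findings


if __name__ == "__main__":
    for sample in (PLAIN_SAMPLE, SPOOFED_SAMPLE):
        print("recipient sees:", shown_to_recipient(sample))
        print("after screening:", screen_from_header(sample, {"corp.example"}))
```
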


[Mdaemon-L] Spam

2022-02-15 Thread zain.adriansyah via Mdaemon-L
Dear Pak Syafril

Please help take a look at this LOG,

it seems this is SPAM that came into our account
sylvana.hara...@kisi-am.co.id

For Location Screening, I had previously ticked the country Spain

Thank you

 

Zain

 

 

X-MDAV-Result: clean

X-MDAV-Processed: mail.kisi-am.co.id, Tue, 15 Feb 2022 21:20:45 +0700

X-Spam-Processed: mail.kisi-am.co.id, Tue, 15 Feb 2022 21:20:44 +0700

Return-path: 

X-Spam-Level: *

X-Spam-Status: No, score=1.1 required=5.0 tests=FORGED_OUTLOOK_HTML,

 
HTML_FONT_LOW_CONTRAST,HTML_MESSAGE,LONGLN_LOW_CONTRAST,MIME_HTML_ONLY,
    SPF_PASS shortcircuit=no autolearn=disabled version=3.4.4
X-Spam-Report:
* -0.0 SPF_PASS SPF: sender matches SPF record
*  0.0 HTML_MESSAGE BODY: HTML included in message
*  0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
*  0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or
*  identical to background
*  0.0 FORGED_OUTLOOK_HTML Outlook can't send HTML message only
*  1.0 LONGLN_LOW_CONTRAST Excessively long line + hidden text
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24)
Authentication-Results: mail.kisi-am.co.id;
    spf=pass smtp.mailfrom=la...@grupajesgrillo.com;
    dkim=fail (DKIM_BODY_HASH_MISMATCH) header.d=srv.cat header.b=kbc9f1QCqE;
    dmarc=none header.from=grupajesgrillo.com (no DMARC record);
    iprev=pass policy.iprev=185.34.193.13 (PTR vxadp-35.srv.cat);
    iprev=pass policy.iprev=185.34.193.13 (HELO vxadp-35.srv.cat);
    iprev=pass policy.iprev=185.34.193.13 (MAIL la...@grupajesgrillo.com)
Received-SPF: pass (mail.kisi-am.co.id: domain grupajesgrillo.com
    designates 185.34.193.13 as permitted sender)
    receiver=mail.kisi-am.co.id; client-ip=185.34.193.13;
    mechanism=ip4:185.34.192.0/22; envelope-from="la...@grupajesgrillo.com";
    helo=vxadp-35.srv.cat;
Received: from vxadp-35.srv.cat (vxadp-35.srv.cat [185.34.193.13]) by mail.kisi-am.co.id (202.72.214.163)
    with ESMTPS id md5001000161507.msg; Tue, 15 Feb 2022 21:20:44 +0700
X-MDOP-RefID: str=0001.0A67340D.620BB6BB.008E,ss=1,re=0.000,recu=0.000,reip=0.000,cl=1,cld=1,fgs=0 (_st=1 _vt=0 _iwf=0)
X-MDSPF-Result: unapproved (mail.kisi-am.co.id)
X-MDRemoteIP: 185.34.193.13
X-MDHelo: vxadp-35.srv.cat
X-MDArrival-Date: Tue, 15 Feb 2022 21:20:44 +0700
X-MDOrigin-Country: Spain, Europe
X-Rcpt-To: sylvana.hara...@kisi-am.co.id
X-MDRcpt-To: sylvana.hara...@kisi-am.co.id
X-Return-Path: la...@grupajesgrillo.com
X-Envelope-From: la...@grupajesgrillo.com
X-MDaemon-Deliver-To: sylvana.hara...@kisi-am.co.id
Received: from smtp (unknown [127.0.0.3])
    by vxadp-35.srv.cat (Postfix) with ESMTP id 9422921D96
    for ; Tue, 15 Feb 2022 15:20:37 +0100 (CET)
Received: from localhost (unknown [212.95.112.26])
    by vxadp-35.srv.cat (Postfix) with ESMTPSA id A47AA21233
    for ; Tue, 15 Feb 2022 15:20:36 +0100 (CET)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=srv.cat; s=ad2mail;

t=1644934837;
bh=K2/H28Ar/jZnvomh5H3iu9lXPoMUGUvXhLZLCGTvpXc=;

h=From:Date:To:Subject:From;

 

From: "'Rahadi Prabowo Singgih'" 
Date: Tue, 15 Feb 2022 17:20:37 +0300
To: sylvana.hara...@kisi-am.co.id
Subject: =?UTF-8?B?UmU6IFJFOiBUcmFkZSAwMi8wNy8yMA==?=
MIME-Version: 1.0
X-Mailer: Microsoft Outlook 16.0
Content-Type: text/html; charset=utf-8
Message-Id: <20220215142037.9422921...@vxadp-35.srv.cat>

 











Hello,

 

Sorry for my late reply to your question. Attached is the document you
asked for.

 

http://facts-jo.com/srv/h8l/qEF/2LY/jzqqtZq.zip;>DOCUMENT
DOWNLOAD LINK

 

Thank you,







[Mdaemon-L] spam mail [was Re: requesting help, email from customer not arriving]

2022-02-09 Thread Syafril Hermansyah via Mdaemon-L

On 09/02/22 14.30, arif noviyanto wrote:

---
Please do not post in top-posting style on this mailing list; always
use bottom (interleaved) posting to make reading easier.

https://blog.joelesler.net/2009/12/bottom-posting.html

The particular part to pay attention to is in RFC1855 --

"- If you are sending a reply to a message or a posting be sure you
summarize the original at the top of the message, or include just
enough text of the original to give a context. This will make
sure readers understand when they start to read your response.
Since NetNews, especially, is proliferated by distributing the
postings from one host to another, it is possible to see a
response to a message before seeing the original. Giving context
helps everyone. But do not include the entire original!"

http://daringfireball.net/2007/07/on_top

The fundamental source of poor email style is the practice of quoting
the entire message you’re replying to. If that’s what you do, then it
doesn’t matter whether you put your response at the top or bottom. In
fact, if you’re going to quote the entire message, top-posting probably
is better. But both are poor form.

Writing an email is like writing an article. Only quote the relevant
parts, interspersing your new remarks between the quoted passages. Don’t
quote anything at all from the original message if you don’t have to.

Does it take more time to edit the portions of quoted text included in
your reply? Yes. So does spell-checking and proofreading. It also takes
time to shower and brush your teeth each day.

Outlook 2013/2016 already has an inline reply feature; it just needs to be enabled.

http://www.tech-recipes.com/rx/30892/outlook-2013-disable-the-inline-reply-feature/

If you are still using an old Outlook, change its settings like this

https://www.slipstick.com/outlook/email/to-use-internet-style-quoting/

Copy the selected text to be quoted again, the part that fits the context, 
to above the signature, then delete the quoted text from the "-Original 
Message-" line downward.




That is spam, Pak; there are many emails like that in the name of a vendor, 
but the email address keeps changing



The subject and the content do not match :-)


Authentication-Results: mail.sriboga.co.id;
spf=pass smtp.mailfrom=kho...@infinityfashionbd.com;
dkim=pass (good signature) header.d=infinityfashionbd.com 
header.b=0Y9LgA5wpn;
dmarc=none header.from=infinityfashionbd.com (no DMARC record);
iprev=pass policy.iprev=69.89.24.105 (PTR gateway10.unifiedlayer.com);
iprev=pass policy.iprev=69.89.24.105 (HELO gateway10.unifiedlayer.com);
iprev=fail reason="does not match" policy.iprev=69.89.24.105 (MAIL 
kho...@infinityfashionbd.com)


This mail was accepted because it was sent through a server that has good 
Internet mail legitimacy.



From: "Febrianti Halim" 
To: "Ibu Aseana Nane" 
Subject: Re: Notulen Rapat I - Team Asset Management



This spam mail is deliberately aimed at MS Office family users (Office 
Outlook, Outlook Express, Windows Mail, Windows Live, etc.).
The Microsoft Mail family displays only the Real Name (Display Name), 
so it is easy to be fooled.


So that users/recipients are not fooled, enable header screening

http://mdaemon.dutaint.co.id/mdaemon/21.5.0/screening_from-header-screening.html

[x] Add email address to display-name

and enable the Content Filter Rule "external message warning"

http://mdaemon.dutaint.co.id/mdaemon/21.5.0/cf_content_filter_editor.html



X-Spam-Status: No, score=-4.00 required=4
X-Spam-Report:
* -4.7 BAYES_00 BODY: Bayes spam probability is 0 to 1%
*  [score: 0.]
*  0.1 URI_HEX URI: URI hostname has long hexadecimal sequence
*  0.0 HTML_MESSAGE BODY: HTML included in message
*  0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
*  0.5 MISSING_MID Missing Message-Id: header



To prevent this in future, change the antispam content filtering 
settings following these tips


https://www.mail-archive.com/mdaemon-l@dutaint.com/msg47239.html
https://www.mail-archive.com/mdaemon-l@dutaint.com/msg47240.html

And change the antivirus settings as follows:

http://mdaemon.dutaint.co.id/mdaemon/21.5.0/antivirus.html

[x] Enable AntiVirus scanning

[x] Refuse to accept messages that are infected with viruses

[x] Quarantine messages that cannot be scanned
[x] Allow password-protected files in exclusion list...

click "Configure Exclusions"

In Global Exclusion, delete the *.zip entry

For the time being, add the sender address/domain to the antispam 
blacklist by sender


http://mdaemon.dutaint.co.id/mdaemon/21.5.0/sf_black_list.html

Going forward, monitor the quarantine queue periodically.
If it is spam mail, delete it; if it is legitimate (non-spam), approve it 
by selecting the mail in the quarantine queue and then choosing "release" 
from the right-mouse-click menu.







--
syafril

Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 21.5.2 64 bit
Please do not cc: or send to private mail for 
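
The reasoning in the reply above (SPF and DKIM pass, no DMARC record, and a mail client that shows only the display name), as an added Python example that is not part of the original post and is not MDaemon's code. The sample header values, `INTERNAL_DOMAINS` and all function names are assumptions, and domain alignment is checked by exact match rather than DMARC's relaxed alignment.

```python
import re
from email.utils import formataddr, parseaddr

# Constructed sample in the shape of the headers quoted in this thread;
# every name, address, domain and IP below is a placeholder.
SAMPLE_AUTH_RESULTS = (
    "mx.example.test; "
    "spf=pass smtp.mailfrom=clerk@shop.example; "
    "dkim=pass (good signature) header.d=shop.example header.b=AbCdEf1234; "
    "dmarc=none header.from=shop.example (no DMARC record); "
    'iprev=fail reason="does not match" policy.iprev=203.0.113.7 '
    "(MAIL clerk@shop.example)"
)
SAMPLE_FROM = '"Finance Colleague" <clerk@shop.example>'
INTERNAL_DOMAINS = {"example.test"}  # assumption: domains the receiver owns


def parse_auth_results(value):
    """Split an Authentication-Results value into (authserv_id, results)."""
    no_comments = re.sub(r"\([^()]*\)", " ", value)
    parts = [p.strip() for p in no_comments.split(";") if p.strip()]
    if not parts:
        return "", []
    results = []
    for part in parts[1:]:
        # method=result followed by optional ptype.property=value pairs
        pairs = re.findall(r'([\w.-]+)=("[^"]*"|\S+)', part)
        if not pairs:
            continue
        method, result = pairs[0]
        props = {k.lower(): v.strip('"') for k, v in pairs[1:]}
        results.append({"method": method.lower(), "result": result.lower(),
                        "props": props})
    return parts[0], results


def triage(auth_results, from_header, internal_domains):
    """Explain why a message passed sender checks yet still needs scrutiny."""
    _, results = parse_auth_results(auth_results)
    display, addr = parseaddr(from_header)
    from_domain = addr.rpartition("@")[2].lower()
    verdict, authenticated = {}, set()
    for r in results:
        verdict.setdefault(r["method"], r["result"])
        if r["result"] != "pass":
            continue
        if r["method"] == "spf":
            mailfrom = r["props"].get("smtp.mailfrom", "")
            authenticated.add(mailfrom.rpartition("@")[2].lower())
        elif r["method"] == "dkim":
            authenticated.add(r["props"].get("header.d", "").lower())
    authenticated.discard("")
    findings = []
    if from_domain not in authenticated:
        # SPF/DKIM vouched for some other domain than the one shown in From
        findings.append("from_domain_not_authenticated")
    if verdict.get("dmarc") in (None, "none"):
        # the sending domain publishes no policy a receiver could enforce
        findings.append("no_dmarc_policy")
    if (from_domain not in internal_domains and display
            and addr.lower() not in display.lower()):
        # a name-only client would show a familiar name and hide the address
        findings.append("external_sender_hidden_behind_display_name")
    return {"from_domain": from_domain, "verdict": verdict,
            "authenticated_domains": sorted(authenticated),
            "findings": findings}


def add_address_to_display_name(from_header):
    """Put the real address into the display name (idea only, not MDaemon's code)."""
    display, addr = parseaddr(from_header)
    if not addr or addr.lower() in display.lower():
        return from_header
    label = f"{display} ({addr})" if display else addr
    return formataddr((label, addr))


if __name__ == "__main__":
    print(triage(SAMPLE_AUTH_RESULTS, SAMPLE_FROM, INTERNAL_DOMAINS))
    print(add_address_to_display_name(SAMPLE_FROM))
```
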

[Mdaemon-L] Spam Replay of Old Email

2022-01-24 Thread Syafril Hermansyah via Mdaemon-L

On 25/01/22 12.45, Dedet Saputra wrote:



Capture1.JPG


Show the message header of that spam mail.




Date: Mon, 24 Jan 2022 09:58:41 +0200
From: "Herna Tambunan" 
To: "'Dedet Saputra'" 
Subject: RE: Akses ke antena di rooftop Kobexindo Banjarmasin



This mail is not a continuation of the old mail; it is not in the same 
thread as the earlier one (it has no References header).
It is not known why a copy of the old mail could be with the sender 
sa...@h2zeropurifiedwater.net, which is indeed hosted on the 
websitewelcome.com server.


Just block the sender address/domain in the spam filter blacklist by sender.

http://mdaemon.dutaint.co.id/mdaemon/21.5.0/sf_black_list.html



--
syafril

Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 21.5.2 64 bit Beta B
Please do not cc: or send to private mail for MDaemon issues.

The more that you read, the more things you will know. The more that you 
learn, the more places you'll go.

---  Dr. Seuss, I Can Read With My Eyes Shut!


--
--[mdaemon-l]--
This mailing list is for discussion among MDaemon Mail Server users in Indonesia

Netiquette: https://wiki.openstack.org/wiki/MailingListEtiquette
Archive: http://mdaemon-l.dutaint.com
Documentation: http://mdaemon.dutaint.co.id
Subscribe: send mail to mdaemon-l-subscr...@dutaint.com
Unsubscribe: send mail to mdaemon-l-unsubscr...@dutaint.com
Latest version: MDaemon 21.5.1, SecurityGateway 8.0.4




[Mdaemon-L] Spam Replay of Old Email

2022-01-24 Thread Dedet Saputra

On 1/25/2022 12:25 PM, Syafril Hermansyah via Mdaemon-L wrote:


Was the old mail from a spammer?

The old mail is a conversation from 2019, not spam



Capture1.JPG


Show the message header of that spam mail.


X-MDAV-Result: clean
X-MDAV-Processed: mailhub.kobexindo.com, Mon, 24 Jan 2022 14:59:01 +0700
Return-path:
Authentication-Results: mailhub.kobexindo.com;
spf=passsmtp.mailfrom=sa...@h2zeropurifiedwater.net;
dkim=pass (good signature) header.d=h2zeropurifiedwater.net 
header.b=FgXxjT3n6e;
dmarc=none header.from=h2zeropurifiedwater.net (no DMARC record);
iprev=pass policy.iprev=192.185.149.105 (PTR 
gateway34.websitewelcome.com);
iprev=pass policy.iprev=192.185.149.105 (HELO 
gateway34.websitewelcome.com);
iprev=fail policy.iprev=192.185.149.105 reason="does not match" 
(mailsa...@h2zeropurifiedwater.net)
Received-SPF: pass (mailhub.kobexindo.com: domain h2zeropurifiedwater.net
designates 192.185.149.105 as permitted sender)
receiver=mailhub.kobexindo.com; client-ip=192.185.149.105;
mechanism=ip4:192.185.0.0/16; 
envelope-from="sa...@h2zeropurifiedwater.net";
helo=gateway34.websitewelcome.com;
Received: from gateway34.websitewelcome.com (gateway34.websitewelcome.com 
[192.185.149.105])
by mailhub.kobexindo.com (202.150.137.87) (MDaemon PRO v20.0.2) with 
ESMTPS id md5001008886017.msg;
Mon, 24 Jan 2022 14:58:57 +0700
X-Spam-Level:
X-Spam-Status: No, score=-4.10 required=5.0
X-Spam-Report:
* -4.7 BAYES_00 BODY: Bayes spam probability is 0 to 1%
*  [score: 0.]
*  0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
*  0.0 HTML_MESSAGE BODY: HTML included in message
*  0.5 MISSING_MID Missing Message-Id: header
X-Spam-Processed: mailhub.kobexindo.com, Mon, 24 Jan 2022 14:58:57 +0700
(processed during SMTP session)
X-MDOP-RefID: 
str=0001.0A673442.61EE5C3F.00AF,ss=1,re=0.000,recu=0.000,reip=0.000,vtr=str,vl=0,cl=1,cld=1,fgs=0
 (_st=1 _vt=0 _iwf=0)
X-MDDKIM-Result: unapproved (mailhub.kobexindo.com)
X-MDSPF-Result: unapproved (mailhub.kobexindo.com)
X-MDRemoteIP: 192.185.149.105
X-MDHelo: gateway34.websitewelcome.com
X-MDArrival-Date: Mon, 24 Jan 2022 14:58:57 +0700
X-MDOrigin-Country: United States, North America
X-Rcpt-To:dedetsapu...@kobexindo.com
X-MDRcpt-To:dedetsapu...@kobexindo.com
X-Return-Path:sa...@h2zeropurifiedwater.net
X-Envelope-From:sa...@h2zeropurifiedwater.net
X-MDaemon-Deliver-To:dedetsapu...@kobexindo.com
Received: from cm10.websitewelcome.com (cm10.websitewelcome.com [100.42.49.4])
by gateway34.websitewelcome.com (Postfix) with ESMTP id 90AB4198C0
for; Mon, 24 Jan 2022 01:58:42 -0600 (CST)
Received: from cooper.websitewelcome.com ([192.185.83.133])
by cmsmtp with SMTP
id BuFOnIsstRnrrBuFOnyT6F; Mon, 24 Jan 2022 01:58:42 -0600
X-Authority-Reason: nr=8
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
d=h2zeropurifiedwater.net; s=default; 
h=Content-Type:MIME-Version:Subject:To:

From:Date:Sender:Reply-To:Message-ID:Cc:Content-Transfer-Encoding:Content-ID:

Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc

:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:
List-Subscribe:List-Post:List-Owner:List-Archive;
bh=Ud1RhYBrH+0FuQNgwKOHIFC1x1CyflwhhaUZ6gwwAgw=; 
b=FgXxjT3n6exbnt144Te8aq9nj5

JSk2JejhUBFtuYut0wDI7jZkBGK2Z0/43grom4YIch8yxjVmJjyolR1rNdCKlBi7ER+kTBqkLt43F
NYP8i/1DCKueyON5uGgr9wNpF;
Received: from [80.89.72.233] (port=52837 helo=[233.72.89.80])
by cooper.websitewelcome.com with esmtpsa  (TLS1.2) tls 
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.94.2)
(envelope-from)
id 1nBuFN-003hM1-1z
fordedetsapu...@kobexindo.com; Mon, 24 Jan 2022 01:58:42 -0600
Date: Mon, 24 Jan 2022 09:58:41 +0200
From: "Herna Tambunan"
To: "'Dedet Saputra'"
Subject: RE: Akses ke antena di rooftop Kobexindo Banjarmasin
MIME-Version: 1.0
Content-Type: multipart/mixed; 
boundary="=_NextPart_0044_0151_2176659280.3299630808"
X-AntiAbuse: This header was added to track abuse, please include it with any 
abuse report
X-AntiAbuse: Primary Hostname - cooper.websitewelcome.com
X-AntiAbuse: Original Domain - kobexindo.com
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - h2zeropurifiedwater.net
X-BWhitelist: no
X-Source-IP: 80.89.72.233
X-Source-L: No
X-Exim-ID: 1nBuFN-003hM1-1z
X-Source:
X-Source-Args:
X-Source-Dir:
X-Source-Sender: ([233.72.89.80]) [80.89.72.233]:52837
X-Source-Auth:sa...@h2zeropurifiedwater.net
X-Email-Count: 387
X-Source-Cap: YWRtaW4wMTthYjg3NzU7Y29vcGVyLndlYnNpdGV3ZWxjb21lLmNvbQ==
X-Local-Domain: yes

--=_NextPart_0044_0151_2176659280.3299630808
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable






RE: Akses ke antena di rooftop Kobexindo Banjarmasin



[Mdaemon-L] Spam Replay of Old Email

2022-01-24 Thread Syafril Hermansyah via Mdaemon-L

On 25/01/22 11.38, Dedet Saputra wrote:
Please help: several accounts are receiving replies to old email 
conversations (from 2019), but now the sender is not @kobexindo.com



Was the old mail from a spammer?


Capture1.JPG


Show the message header of that spam mail.


--
syafril

Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 21.5.2 64 bit Beta B
Please do not cc: or send to private mail for MDaemon issues.

The more that you read, the more things you will know. The more that you 
learn, the more places you'll go.

---  Dr. Seuss, I Can Read With My Eyes Shut!






[Mdaemon-L] New SPAM

2022-01-11 Thread Slamet Raharjo via Mdaemon-L
 
> [x] Refuse messages which violate RFC standards

Noted, Pak, thank you for the guidance.

Best Regards,

Slamet Raharjo
IT Dept.






[Mdaemon-L] New SPAM

2022-01-11 Thread Syafril Hermansyah via Mdaemon-L

On 12/01/22 08.58, Slamet Raharjo via Mdaemon-L wrote:

I received SPAM again, as attached; what else can I tune to 
minimize this SPAM?




X-Spam-Status: No, score=3.60 required=5.0
X-Spam-Report:
* -4.0 BAYES_00 BODY: Bayes spam probability is 0 to 1%
*  [score: 0.]
*  4.9 MDAEMON_OP_SPAM_HIGH MDaemon: spam/phish
*  0.0 HTML_MESSAGE BODY: HTML included in message
*  0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
*  0.0 T_KAM_HTML_FONT_INVALID Test for Invalidly Named or Formatted
*  Colors in HTML
*  1.6 TO_NO_BRKTS_HTML_IMG To: lacks brackets and HTML and one image
*  1.0 FROM_ADDR_WS Malformed From address



Fix the antispam settings following these tips

https://www.mail-archive.com/mdaemon-l@dutaint.com/msg47239.html
https://www.mail-archive.com/mdaemon-l@dutaint.com/msg47240.html

Delete (reset) the Bayesian spam score

- delete the contents of the folder \\mdaemon\spamassassion\bayes\
- then restart the MDaemon service.


From: "June Cheung"



Upgrade to MDaemon 20.0.1 or later so that the malformed From address above is rejected.

http://mdaemon.dutaint.co.id/mdaemon/21.5.0/default-domain-and-servers_servers.html

[x] Refuse messages which violate RFC standards

--
syafril

Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 21.5.2 64 bit Beta A
Please do not cc: or send to private mail for MDaemon issues.

Education is the power to think clearly, the power to act well in the 
world's work, and the power to appreciate life.

--- Brigham Young






[Mdaemon-L] Spam using the company Domain

2022-01-02 Thread Syafril Hermansyah via Mdaemon-L

On 03/01/22 12.00, Slamet Raharjo via Mdaemon-L wrote:

By what means could the hacker have hijacked that account of 
ours?
For example, by brute force via the MSA port TCP 587, which does not yet use STARTTLS?
Or, for example, via the POP3 and IMAP protocols?
Or, for example, through Webmail?



Generally hackers will use script kiddie; which port they use depends 
on their expertise.
Port 25 is the one commonly used by amateur hackers because (generally) 
there is no rejection when there is an error (failed login).


https://en.wikipedia.org/wiki/Script_kiddie


I am thinking of enabling a VPN to prevent hacker methods like
this, so that users can only access the e-mail service once they
have connected by VPN to the company's internal network, except the
ActiveSync service, which may still be accessed without VPN (still
open on the public IP).



Yes, you can, as long as the VPN server is always kept updated.
On the Internet, nothing is free from cyber attack except a server that 
is not powered on.


https://www.uscybersecurity.net/cyber-attack/

Another option: use a (free) Indonesian VPN so that connections from 
abroad automatically get an Indonesian IP and so automatically bypass 
location screening.
VPN service providers generally update/patch regularly to prevent 
cyber attacks.


Or use an Indonesian cellular DATA service in roaming mode; in this 
case the SIM card is installed in a MiFi (mobile/travel/pocket Wi-Fi) so 
that it can be shared among desktop computers/laptops/phones/gadgets/tablets.




--
syafril

Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 21.5.1 64 bit
Please do not cc: or send to private mail for MDaemon issues.

The life so short, the craft so long to learn.
--- Hippocrates






[Mdaemon-L] Spam using the company Domain

2022-01-02 Thread Slamet Raharjo via Mdaemon-L
> Not necessary.
> In MDaemon, SMTP port 587 is built in and enabled in a standard installation,
> because it is the port that clients (your own users) use to send mail
> through MDaemon.
> 
> Current Office Outlook supports SMTP port 587, as do most
> email clients on mobile devices.
> Current Office Outlook already supports the ActiveSync protocol, as do
> most email clients on mobile devices.
> ActiveSync uses the http(s) protocol and supports mail and PIM access at once.

Pak Syafril,

By what means could the hacker have hijacked that account of 
ours?
For example, by brute force via the MSA port TCP 587, which does not yet use STARTTLS?
Or, for example, via the POP3 and IMAP protocols?
Or, for example, through Webmail?

I am thinking of enabling a VPN to prevent hacker methods like this, 
so that users can only access the e-mail service once they have connected by 
VPN to the company's internal network, except the ActiveSync service, which may 
still be accessed without VPN (still open on the public IP).

Please advise.

Best Regards,

Slamet Raharjo
IT Dept.






[Mdaemon-L] Spam using the company Domain

2022-01-02 Thread Syafril Hermansyah via Mdaemon-L

On 03/01/22 11.11, Slamet Raharjo via Mdaemon-L wrote:

This happened because location screening is not active, so the hijacked 
account
could be used by a hacker from abroad to send phishing spam mail.



I do have a user based in Lagos, Nigeria, Pak; if I enable 
location screening, does that mean this user will not be able to communicate with 
our MDaemon mail server in Indonesia?
Is there a way to let only certain users access from Nigeria, Pak 
(with the rest blocked)? So that not everything is blocked across the board.



Add the public IP used by the sender to the Dynamic Whitelist.

http://mdaemon.dutaint.co.id/mdaemon/21.5.0/dynamic-screening_dynamic-whitelist.html

Other options can be seen here

https://www.mail-archive.com/mdaemon-l@dutaint.com/msg46863.html


If I enable this:

3. SSL/TLS for the MSA port (tcp 587) is enabled

http://mdaemon.dutaint.co.id/mdaemon/21.5.0/ssl_mdaemon.html

[x] SMTP server requires STARTTLS on MSA port

Does anything need to be adjusted on the user side, Pak (users using Microsoft 
Outlook, iPad, or smartphone)?



Not necessary.
In MDaemon, SMTP port 587 is built in and enabled in a standard 
installation, because it is the port that clients (your own users) use 
to send mail through MDaemon.


Current Office Outlook supports SMTP port 587, as do 
most email clients on mobile devices.
Current Office Outlook already supports the ActiveSync protocol, as do 
most email clients on mobile devices.

ActiveSync uses the http(s) protocol and supports mail and PIM access at once.


--
syafril

Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 21.5.1 64 bit
Please do not cc: or send to private mail for MDaemon issues.

The only thing that stands between you and your dream is the will to try 
and the belief that it is actually possible.

---  Joel Brown






[Mdaemon-L] Spam using the company Domain

2022-01-02 Thread Slamet Raharjo via Mdaemon-L


> >Please try the attached, Pak.
> 
> > Return-path: 
> Authentication-Results: mail.aio.co.id;
>   auth=pass (login) smtp.auth=fparv...@aio.co.id
> > X-MDRemoteIP: 41.203.78.7
> 
> The account fparv...@aio.co.id was hijacked by a hacker from Lagos, Nigeria, Africa.
> 
> This happened because location screening is not active, so the hijacked 
> account
> could be used by a hacker from abroad to send phishing spam mail.

I do have a user based in Lagos, Nigeria, Pak; if I enable 
location screening, does that mean this user will not be able to communicate with 
our MDaemon mail server in Indonesia?
Is there a way to let only certain users access from Nigeria, Pak 
(with the rest blocked)? So that not everything is blocked across the board.

> 
> http://mdaemon.dutaint.co.id/mdaemon/21.5.0/screening_location-screening.html
> 
> SMTP port 25 also does not yet block authentication attempts, so hackers
> are free to try to find out usernames/passwords on the server mail.aio.co.id.
> Likewise, the POP3/IMAP/Webmail connections are not yet secured, leaving
> hackers free to choose other services to attempt hijacking.
> 
> https://www.mail-archive.com/mdaemon-l@dutaint.com/msg47878.html

If I enable this:

3. SSL/TLS for the MSA port (tcp 587) is enabled

http://mdaemon.dutaint.co.id/mdaemon/21.5.0/ssl_mdaemon.html

[x] SMTP server requires STARTTLS on MSA port

Does anything need to be adjusted on the user side, Pak (users using Microsoft 
Outlook, iPad, or smartphone)?

Please advise.

Best Regards,

Slamet Raharjo
IT Dept.






[Mdaemon-L] Spam using the company Domain

2021-12-31 Thread Syafril Hermansyah via Mdaemon-L
On 31 December 2021 17.10.59 WIB, Slamet Raharjo via Mdaemon-L wrote:



>> Provide the Internet header (full message header).
>


>Please try the attached, Pak.

> Return-path: 
Authentication-Results: mail.aio.co.id;
auth=pass (login) smtp.auth=fparv...@aio.co.id
> X-MDRemoteIP: 41.203.78.7

The account fparv...@aio.co.id was hijacked by a hacker from Lagos, Nigeria, Africa.

This happened because location screening is not active, so the hijacked 
account could be used by a hacker from abroad to send phishing 
spam mail.

http://mdaemon.dutaint.co.id/mdaemon/21.5.0/screening_location-screening.html

SMTP port 25 also does not yet block authentication attempts, so hackers are free 
to try to find out usernames/passwords on the server mail.aio.co.id.
Likewise, the POP3/IMAP/Webmail connections are not yet secured, leaving hackers 
free to choose other services to attempt hijacking.

https://www.mail-archive.com/mdaemon-l@dutaint.com/msg47878.html



-- 
syafril
--
Syafril Hermansyah

Sent from my Android device with K-9 Mail. Please excuse any typo and my brevity
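
The diagnosis in the reply above reads two stamped headers together: an `auth=pass ... smtp.auth=` result and an `X-MDRemoteIP` outside the expected geography. The following is an added Python example of that check over a batch of messages; it is not part of the original post and is not how MDaemon's location screening is implemented. The `POLICY` networks (with a per-user exception), the sample headers and all function names are assumptions.

```python
import ipaddress
import re
from email import message_from_string

# Assumed policy: networks users normally submit mail from, plus a per-user
# exception for someone based abroad. All ranges are documentation networks.
POLICY = {
    "default": ["192.0.2.0/24"],
    "per_user": {"carol@example.test": ["203.0.113.0/24"]},
}


def sample_message(user, remote_ip, authenticated=True):
    """Build constructed headers in the shape shown in the thread."""
    if authenticated:
        result = f"auth=pass (login) smtp.auth={user}"
    else:
        result = f"spf=pass smtp.mailfrom={user}"
    return (
        "Authentication-Results: mail.example.test;\n"
        f"\t{result}\n"
        f"X-MDRemoteIP: {remote_ip}\n"
        f"X-Envelope-From: {user}\n"
        f'From: "Admin Team" <{user}>\n'
        "Subject: Your account will be permanently closed\n"
        "\n"
        "body\n"
    )


def check_submission(raw_message, policy=POLICY):
    """Return a finding for an authenticated submission, or None if not one."""
    msg = message_from_string(raw_message)
    auth_results = msg.get("Authentication-Results", "")
    # "auth=" as a method, not the tail of the "smtp.auth=" property
    auth = re.search(r"(?<![\w.])auth=(\w+)", auth_results)
    login = re.search(r"smtp\.auth=([^\s;]+)", auth_results)
    if not (auth and login and auth.group(1).lower() == "pass"):
        return None
    user = login.group(1).lower()
    raw_ip = msg.get("X-MDRemoteIP", "").strip()
    try:
        ip = ipaddress.ip_address(raw_ip)
    except ValueError:
        return {"user": user, "ip": raw_ip, "allowed": False,
                "reason": "unusable X-MDRemoteIP"}
    networks = policy["default"] + policy["per_user"].get(user, [])
    allowed = any(ip in ipaddress.ip_network(net) for net in networks)
    reason = ("source inside allowed networks" if allowed
              else "authenticated login from outside allowed networks")
    return {"user": user, "ip": str(ip), "allowed": allowed, "reason": reason}


def hijack_candidates(raw_messages, policy=POLICY):
    """Map each account to the sorted off-policy IPs that logged in as it."""
    hits = {}
    for raw in raw_messages:
        finding = check_submission(raw, policy)
        if finding and not finding["allowed"]:
            hits.setdefault(finding["user"], set()).add(finding["ip"])
    return {user: sorted(ips) for user, ips in hits.items()}


if __name__ == "__main__":
    batch = [
        sample_message("alice@example.test", "192.0.2.10"),
        sample_message("alice@example.test", "198.51.100.23"),
        sample_message("carol@example.test", "203.0.113.9"),
    ]
    print(hijack_candidates(batch))
```

An account listed by `hijack_candidates` is a candidate for a password reset and a review of its recent outbound mail, not proof of compromise on its own.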





[Mdaemon-L] Spam using the company Domain

2021-12-31 Thread Slamet Raharjo via Mdaemon-L

> The header is incomplete.
> It is the same as the contents of the file ForwardedMessage.eml, the result
> of Outlook's forward as attachment.
> 
> Provide the Internet header (full message header).

Dear Pak Syafril,

Please try the attached, Pak.

Best Regards,

Slamet Raharjo
IT Dept.


DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=aio.co.id; s=MDaemon; t=1640835269; x=1641440069;
i=fparv...@aio.co.id; q=dns/txt; h=Content-Type:MIME-Version:
Subject:To:From:Date; bh=FDIzPurERp4QpisreBBL5mnpt0TX/xlpY2PZOGU
eJkE=; b=qjuSjpODdUzIU4BfgM9Mes3KwLpdHR59sjkgsY+mA4PQMrfzrR+byFM
MQ2FBBwJ+Xwzf5Fk0K/Qr4XI46IV//zpf7qx/FGiMQqnoNCOXwpFWTB9M689qTGi
UBg1A0CquWX3z8n/KbHfi8CYvGnoRPJ0NVi42yk3DKUNTwt36deI=
X-MDAV-Result: clean
X-MDAV-Processed: mail.aio.co.id, Thu, 30 Dec 2021 10:34:29 +0700
Return-path: 
Authentication-Results: mail.aio.co.id;
auth=pass (login) smtp.auth=fparv...@aio.co.id
Received: by aio.co.id with ESMTPA id md50029286779.msg; Thu, 30 Dec 2021 
10:34:27 +0700
X-Spam-Processed: mail.aio.co.id, Thu, 30 Dec 2021 10:34:27 +0700
(not processed: message from trusted or authenticated source)
X-MDOP-RefID: 
str=0001.0A67340F.61CBFA71.0090,ss=4,sh,re=0.000,recu=0.000,reip=0.000,cl=4,cld=1,fgs=8
 (_st=4 _vt=0 _iwf=0)
X-MDRemoteIP: 41.203.78.7
X-MDArrival-Date: Thu, 30 Dec 2021 10:34:27 +0700
X-Authenticated-Sender: fparv...@aio.co.id
X-Rcpt-To: sraha...@aio.co.id
X-MDRcpt-To: sraha...@aio.co.id
X-Return-Path: prvs=199892a6e6=fparv...@aio.co.id
X-Envelope-From: fparv...@aio.co.id
X-MDaemon-Deliver-To: sraha...@aio.co.id
Content-Type: multipart/alternative; boundary="===1361683827=="
MIME-Version: 1.0
Subject: (aio-family) Your AIO Account will be permanently closed
To: sraha...@aio.co.id
From: "Admin AIO Team" 
Date: Thu, 30 Dec 2021 04:34:22 +0100



[Mdaemon-L] Spam using the company Domain

2021-12-30 Thread Syafril Hermansyah via Mdaemon-L

On 12/31/21 2:04 PM, Slamet Raharjo via Mdaemon-L wrote:

copy the contents of the Internet header into Notepad, then attach it to the email.

The Internet header is attached, Pak.



The header is incomplete.
It is the same as the contents of the file ForwardedMessage.eml, the result 
of Outlook's forward as attachment.


Provide the Internet header (full message header).





--
syafril

Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 21.5.1 64 bit
Please do not cc: or send to private mail for MDaemon issues.

Change is the end result of all true learning.
--- Leo Buscaglia






[Mdaemon-L] Spam using the company Domain

2021-12-30 Thread Slamet Raharjo via Mdaemon-L
 
> Show the complete (full) message header of that spam mail here.
> 
> How to view the message header
> 
> https://mxtoolbox.com/Public/Content/EmailHeaders/#/Outlook_2016
> 
> copy the contents of the Internet header into Notepad, then attach it to the email.

The Internet header is attached, Pak.

Best Regards,

Slamet Raharjo
IT Dept.



Received: by aio.co.id with ESMTPA id md50029286779.msg; Thu, 30 Dec 2021 
10:34:27 +0700
From: "Admin AIO Team" 
To: 
Subject: (aio-family) Your AIO Account will be permanently closed
Date: Thu, 30 Dec 2021 10:34:22 +0700
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="=_NextPart_000_001E_01D7FD74.B6A04770"
X-Mailer: Microsoft Outlook 16.0
X-MDAV-Processed: mail.aio.co.id, Thu, 30 Dec 2021 10:34:29 +0700
X-Spam-Processed: mail.aio.co.id, Thu, 30 Dec 2021 10:34:27 +0700   (not 
processed: message from trusted or authenticated source)
X-Rcpt-To: sraha...@aio.co.id
X-MDRcpt-To: sraha...@aio.co.id
X-Envelope-From: fparv...@aio.co.id
X-MDaemon-Deliver-To: sraha...@aio.co.id
Thread-Index: Adf9LiV9NPWW6wGKSUWkODztN1GP4Q==



[Mdaemon-L] Spam using the company Domain

2021-12-29 Thread Syafril Hermansyah via Mdaemon-L

On 12/30/21 11:59 AM, Slamet Raharjo via Mdaemon-L wrote:

Please enlighten us: we are receiving many e-mails like the one attached; what 
might the root cause be, Pak?



Show the complete (full) message header of that spam mail here.

How to view the message header

https://mxtoolbox.com/Public/Content/EmailHeaders/#/Outlook_2016

copy the contents of the Internet header into Notepad, then attach it to the email.


--
syafril

Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 21.5.1 64 bit
Please do not cc: or send to private mail for MDaemon issues.

Education is the power to think clearly, the power to act well in the 
world's work, and the power to appreciate life.

--- Brigham Young






[Mdaemon-L] Spam Got Through

2021-05-25 Thread Syafril Hermansyah via Mdaemon-L

On 25/05/21 21.40, Bambang Setiawan via Mdaemon-L wrote:

> Please help analyse why this spam managed to get through, sir,

Because the message was sent through a server whose legitimacy meets the
Internet Mail requirements, it passed MDaemon's legitimacy screening checks.
Spam of this kind generally happens because an account has been hijacked, so
the sender addresses can vary widely.
In a case like this only antispam content filtering can deal with it, because
the spam indicators are in the message content, not in the message header.



Tue 2021-05-25 20:47:30.958: [13909663] Passing message through Outbreak 
Protection...
Tue 2021-05-25 20:47:30.958: [13909663] *  Message-ID: 
<4.0.9d.293.8r385u03trn952...@fdydo.co.jp>
Tue 2021-05-25 20:47:30.958: [13909663] *  Reference-ID: 
str=0001.0A67340D.60ACC854.002D,ss=3,sh,re=0.000,recu=0.000,reip=0.000,pt=C_5816,cl=4,cld=1,fgs=0
Tue 2021-05-25 20:47:30.958: [13909663] *  Virus result: 0 - Clean
Tue 2021-05-25 20:47:30.959: [13909663] *  Spam result: 4 - Spam (confirmed)
Tue 2021-05-25 20:47:30.959: [13909663] *  IWF result: 0 - Clean
Tue 2021-05-25 20:47:30.959: [13909663]  End Outbreak Protection results
Tue 2021-05-25 20:47:30.961: [13909663] Passing message through Spam Filter 
(Size: 3882)...
Tue 2021-05-25 20:47:31.340: [13909663] *  2.5 MDAEMON_OP_SPAM_HIGH MDaemon: 
spam/phish
Tue 2021-05-25 20:47:31.340: [13909663] *  0.5 PDS_BTC_ID FP reduced Bitcoin ID
Tue 2021-05-25 20:47:31.340: [13909663]  End SpamAssassin results
Tue 2021-05-25 20:47:31.340: [13909663] Spam Filter score/req: 3.00/10.0 



The log shows that the message did not actually get past the spam filter; in
this case Outbreak Protection detected it as spam.
But because the OP setting for spam is not to reject, in order to avoid false
positive results, the mail was passed on to the local queue.

https://www.mail-archive.com/mdaemon-l@dutaint.com/msg37676.html


X-Spam-Report:
*  2.5 MDAEMON_OP_SPAM_HIGH MDaemon: spam/phish
*  0.5 PDS_BTC_ID FP reduced Bitcoin ID
X-Spam-Processed: mail.persada.id, Tue, 25 May 2021 20:47:34 +0700
(processed during SMTP session)
X-MDOP-RefID: str=0001.0A67340D.60ACC854.002D,ss=3,sh,re=0.000,recu=0.000,reip=0.000,pt=C_5816,cl=4,cld=1,fgs=0 (_st=4 _vt=0 _iwf=0) 



Filter the messages that Outbreak Protection detects as spam and move them to
the holding queue or the quarantine queue (so that the Administrator is
notified that there is mail there).
After that, manually sort the messages: delete the ones that really are spam,
and report the non-spam ones (false positive results) to MDaemon.com (from the
right-mouse-click menu choose "Report to MDaemon.com as Spam False Positive")
so that FP results no longer occur in future.

The Content Filter Rule can look like this:

http://mdaemon.dutaint.co.id/mdaemon/21.0.1/cf_creating_a_new_content_filter_rule.html

RuleName=Outbreak Protection Spam Detection
Enable=Yes
ThisRuleCondition=All
ProcessQueue=BOTH
Condition01=If define header X-Spam-Report contains MDAEMON_OP_SPAM_HIGH
Action01=Copy Message to folder \\mdaemon\queues\holding (or to \\mdaemon\Cfilter\quarant)
Action02=Delete the Message

If you cannot wait for MDaemon.com's response on fixing the Spam False
Positive, you may add the From address or sender address to the
Antispam Whitelist No Filtering

http://mdaemon.dutaint.co.id/mdaemon/21.0.1/sf_white_list.html







--
syafril
---
Syafril Hermansyah







[Mdaemon-L] Spam Got Through

2021-05-25 Thread Bambang Setiawan via Mdaemon-L

Dear Pak Syafril,


Please help analyse why this spam managed to get through, sir. Thank you.


The log is as follows:

Tue 2021-05-25 20:47:29.264: [13909663] Session 13909663; child 0001
Tue 2021-05-25 20:47:29.264: [13909663] Accepting SMTP connection from 
59.84.175.233:29451 to 124.81.84.135:25
Tue 2021-05-25 20:47:29.264: [13909663] Location Screen says connection 
is from Japan, Asia
Tue 2021-05-25 20:47:29.265: [13909663] --> 220 mail.persada.id ESMTP 
MDaemon 21.0.1; Tue, 25 May 2021 20:47:29 +0700

Tue 2021-05-25 20:47:29.368: [13909663] <-- EHLO mgsp102.cybermail.jp
Tue 2021-05-25 20:47:29.368: [13909663] --> 250-mail.persada.id Hello 
mgsp102.cybermail.jp [59.84.175.233], pleased to meet you

Tue 2021-05-25 20:47:29.368: [13909663] --> 250-ETRN
Tue 2021-05-25 20:47:29.368: [13909663] Location Screening hiding AUTH 
from country Japan, Asia

Tue 2021-05-25 20:47:29.368: [13909663] --> 250-8BITMIME
Tue 2021-05-25 20:47:29.368: [13909663] --> 250-ENHANCEDSTATUSCODES
Tue 2021-05-25 20:47:29.368: [13909663] --> 250 SIZE
Tue 2021-05-25 20:47:29.467: [13909663] <-- MAIL 
FROM:
Tue 2021-05-25 20:47:29.477: [13909663] Performing PTR lookup 
(233.175.84.59.IN-ADDR.ARPA)
Tue 2021-05-25 20:47:29.656: [13909663] * D=233.175.84.59.IN-ADDR.ARPA 
TTL=(1440) PTR=[mgsp102.cybermail.jp]
Tue 2021-05-25 20:47:29.797: [13909663] *  D=mgsp102.cybermail.jp 
TTL=(30) A=[59.84.175.233]

Tue 2021-05-25 20:47:29.797: [13909663]  End PTR results
Tue 2021-05-25 20:47:29.800: [13909663] Performing IP lookup 
(mgsp102.cybermail.jp)
Tue 2021-05-25 20:47:29.801: [13909663] *  D=mgsp102.cybermail.jp 
TTL=(30) A=[59.84.175.233]

Tue 2021-05-25 20:47:29.801: [13909663]  End IP lookup results
Tue 2021-05-25 20:47:29.807: [13909663] Performing IP lookup (fdydo.co.jp)
Tue 2021-05-25 20:47:29.851: [13909663] *  D=fdydo.co.jp TTL=(60) 
A=[202.189.180.66]
Tue 2021-05-25 20:47:30.083: [13909663] *  P=010 S=000 D=fdydo.co.jp 
TTL=(5) MX=[mg.cybermail.jp] {59.84.175.228}

Tue 2021-05-25 20:47:30.083: [13909663]  End IP lookup results
Tue 2021-05-25 20:47:30.085: [13909663] Performing SPF lookup 
(mgsp102.cybermail.jp / 59.84.175.233)
Tue 2021-05-25 20:47:30.203: [13909663] *  Result: none; no SPF record 
in DNS

Tue 2021-05-25 20:47:30.203: [13909663]  End SPF results
Tue 2021-05-25 20:47:30.203: [13909663] Performing SPF lookup 
(fdydo.co.jp / 59.84.175.233)
Tue 2021-05-25 20:47:30.224: [13909663] *  Policy: v=spf1 
include:spfcm.cybermail.jp +ip4:153.149.98.115/32 -all
Tue 2021-05-25 20:47:30.224: [13909663] *  Evaluating 
include:spfcm.cybermail.jp: performing lookup
Tue 2021-05-25 20:47:30.328: [13909663] *    Policy: v=spf1 
ip4:59.84.175.224/27 ip4:120.137.171.0/25 ip4:27.121.5.128/25 
ip4:59.84.175.64/26 ip4:42.125.229.64/26 ip4:168.138.218.72 
ip4:158.101.93.181 ip4:168.138.36.14 ip4:168.138.33.163 
ip4:158.101.76.206 ip4:158.101.133.234 ip4:158.
Tue 2021-05-25 20:47:30.328: [13909663] *    Evaluating 
ip4:59.84.175.224/27: match
Tue 2021-05-25 20:47:30.328: [13909663] *  Evaluating 
include:spfcm.cybermail.jp: match

Tue 2021-05-25 20:47:30.328: [13909663] *  Result: pass
Tue 2021-05-25 20:47:30.328: [13909663]  End SPF results
Tue 2021-05-25 20:47:30.328: [13909663] --> 250 2.1.0 Sender OK
Tue 2021-05-25 20:47:30.427: [13909663] <-- RCPT TO:
Tue 2021-05-25 20:47:30.434: [13909663] Performing DNS-BL lookup 
(59.84.175.233 - connecting IP)

Tue 2021-05-25 20:47:30.451: [13909663] *  zen.spamhaus.org - passed
Tue 2021-05-25 20:47:30.545: [13909663] *  bl.spamcop.net - passed
Tue 2021-05-25 20:47:30.545: [13909663]  End DNS-BL results
Tue 2021-05-25 20:47:30.547: [13909663] --> 250 2.1.5 Recipient OK
Tue 2021-05-25 20:47:30.646: [13909663] <-- DATA
Tue 2021-05-25 20:47:30.648: [13909663] --> 354 Enter mail, end with 
.

Tue 2021-05-25 20:47:30.846: [13909663] Message size: 3882 bytes
Tue 2021-05-25 20:47:30.848: [13909663] Performing DKIM verification
Tue 2021-05-25 20:47:30.848: [13909663] *  File: 
c:\mdaemon\queues\temp\md500106109.tmp
Tue 2021-05-25 20:47:30.848: [13909663] *  Message-ID: 
<4.0.9d.293.8r385u03trn952...@fdydo.co.jp>

Tue 2021-05-25 20:47:30.848: [13909663] *  Result: neutral
Tue 2021-05-25 20:47:30.848: [13909663]  End DKIM results
Tue 2021-05-25 20:47:30.856: [13909663] Performing DMARC processing
Tue 2021-05-25 20:47:30.856: [13909663] *  File: 
c:\mdaemon\queues\temp\md500106109.tmp
Tue 2021-05-25 20:47:30.856: [13909663] *  Message-ID: 
<4.0.9d.293.8r385u03trn952...@fdydo.co.jp>

Tue 2021-05-25 20:47:30.856: [13909663] *  Author domain: fdydo.co.jp
Tue 2021-05-25 20:47:30.856: [13909663] *  Organizational domain: 
fdydo.co.jp

Tue 2021-05-25 20:47:30.856: [13909663] *  Query domain: _dmarc.fdydo.co.jp
Tue 2021-05-25 20:47:30.889: [13909663] *    No DMARC policy record found
Tue 2021-05-25 20:47:30.889: [13909663] *  Action taken: none
Tue 2021-05-25 20:47:30.889: [13909663] *  Result: none
Tue 2021-05-25 20:47:30.889: [13909663]  End DMARC results
Tue 2021-05-25 

[mdaemon-l] SPAM not detected

2020-12-21 Thread Syafril Hermansyah via mdaemon-l
On 22/12/20 10.40, Arif Santoso wrote:

---
When replying, keep the relevant quoted original text so the discussion stays focused.

https://www.netmeister.org/news/learn2quote1.html

https://wiki.openstack.org/wiki/MailingListEtiquette#Replies

Always use bottom-posting style or inline reply so that it is easy for
others to read.

https://brooksreview.net/2011/01/interleaved-email/

Writing an email is like writing an article. Only quote the relevant parts,
interspersing your new remarks between the quoted passages. Don’t quote anything
at all from the original message if you don’t have to.

Outlook can be set to use Internet Quote Style automatically, as follows:

https://www.slipstick.com/outlook/email/to-use-internet-style-quoting/


> Attached, Pak Syafril

> Tue 2020-12-22 00:03:45.049: Spam filter scan skipped; message size (271395) 
> exceeds spam filter configured max size of (102400)


The spam filter was skipped (not processed) because the message size exceeds the limit.

Upgrade to MD 20.x, where the antispam content filtering limit can be unlimited.

http://mdaemon.dutaint.co.id/mdaemon/20.0/index.html?sf_options.htm

Don't filter messages larger than [XX] MB MB (1-99, 0 = no limit)


This log transcript does not match the routing log given earlier.

https://www.mail-archive.com/mdaemon-l@dutaint.com/msg46834.html

It is indeed rather troublesome to find when there is no message-id (empty).
The message-id should be filled in if the following option is enabled:


http://mdaemon.dutaint.co.id/mdaemon/20.0/index.html?preferences_headers.htm

If missing, insert these headers
[x] Date
[x] Message-ID

-- 
syafril

Syafril Hermansyah

MDaemon-L Moderator, run MDaemon 21.0 64bit Beta D
Please do not send private mail (or cc:) about MDaemon issues.

Education is the kindling of a flame, not the filling of a vessel.
--- Socrates
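
An added example (not part of the list posts and not MDaemon code) covering the two cases explained in this archive: the 2021-05-25 reply, where Outbreak Protection flagged the message but the Spam Filter score stayed below the required value, and the reply above, where the scan was skipped because of message size. It scans SMTP-in log text in the format quoted in these posts and lists the affected sessions; the sample log is constructed from the quoted lines with placeholder Message-IDs, and the finding names and the handling of non-zero "Spam result" codes are assumptions.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# "Tue 2021-05-25 20:47:30.959: [13909663] text"; older logs omit the [session] tag.
LINE = re.compile(r"^\w{3} \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3}: (?:\[(\d+)\] )?(.*)$")
SESSION = re.compile(r"^Session (\d+);")
MSGID = re.compile(r"^\*\s+Message-ID: (<[^>]*>)")
OP_SPAM = re.compile(r"^\*\s+Spam result: (\d+) - (.+)$")
RULE = re.compile(r"^\*\s+(-?\d+(?:\.\d+)?) ([A-Z][A-Z0-9_]+) ")
SCORE = re.compile(r"^Spam Filter score/req: (-?[\d.]+)/([\d.]+)")
SKIPPED = re.compile(
    r"^Spam filter scan skipped; message size \((\d+)\) "
    r"exceeds spam filter configured max size of \((\d+)\)"
)

# Constructed sample: line formats copied from the posts, Message-IDs are placeholders,
# session 2000 is an invented control where the Spam Filter score exceeds the requirement.
SAMPLE_LOG = """\
Tue 2021-05-25 20:47:29.264: [13909663] Session 13909663; child 0001
Tue 2021-05-25 20:47:30.848: [13909663] *  Message-ID: <constructed-1@example.test>
Tue 2021-05-25 20:47:30.958: [13909663] *  Virus result: 0 - Clean
Tue 2021-05-25 20:47:30.959: [13909663] *  Spam result: 4 - Spam (confirmed)
Tue 2021-05-25 20:47:31.340: [13909663] *  2.5 MDAEMON_OP_SPAM_HIGH MDaemon: spam/phish
Tue 2021-05-25 20:47:31.340: [13909663] *  0.5 PDS_BTC_ID FP reduced Bitcoin ID
Tue 2021-05-25 20:47:31.340: [13909663] Spam Filter score/req: 3.00/10.0
Tue 2020-12-22 00:03:32.811: Session 115608; child 0008
Tue 2020-12-22 00:03:45.045: * Message-ID: <constructed-2@example.test>
Tue 2020-12-22 00:03:45.049: Spam filter scan skipped; message size (271395) exceeds spam filter configured max size of (102400)
Wed 2021-05-26 09:00:00.000: [2000] Session 2000; child 0001
Wed 2021-05-26 09:00:01.000: [2000] *  Spam result: 4 - Spam (confirmed)
Wed 2021-05-26 09:00:01.400: [2000] *  2.5 MDAEMON_OP_SPAM_HIGH MDaemon: spam/phish
Wed 2021-05-26 09:00:01.500: [2000] Spam Filter score/req: 12.50/10.0
"""


@dataclass
class Session:
    sid: str
    message_id: Optional[str] = None
    op_code: Optional[int] = None
    op_label: str = ""
    rules: List[Tuple[float, str]] = field(default_factory=list)
    score: Optional[float] = None
    required: Optional[float] = None
    skipped: Optional[Tuple[int, int]] = None  # (message size, configured max size)


def parse_sessions(text: str) -> Dict[str, Session]:
    """Group log lines by session and keep the spam-relevant facts of each."""
    sessions: Dict[str, Session] = {}
    current: Optional[str] = None  # fallback for untagged logs; unreliable if sessions interleave
    for raw in text.splitlines():
        m = LINE.match(raw.rstrip())
        if not m:
            continue  # wrapped continuation line or something that is not a log line
        tagged, body = m.groups()
        started = SESSION.match(body)
        if started:
            current = started.group(1)
        sid = tagged or current
        if sid is None:
            continue
        s = sessions.setdefault(sid, Session(sid))
        if (x := MSGID.match(body)):
            s.message_id = x.group(1)
        elif (x := OP_SPAM.match(body)):
            s.op_code, s.op_label = int(x.group(1)), x.group(2)
        elif (x := RULE.match(body)):
            s.rules.append((float(x.group(1)), x.group(2)))
        elif (x := SCORE.match(body)):
            s.score, s.required = float(x.group(1)), float(x.group(2))
        elif (x := SKIPPED.match(body)):
            s.skipped = (int(x.group(1)), int(x.group(2)))
    return sessions


def findings(sessions: Dict[str, Session]) -> List[Tuple[str, str, str]]:
    """Return (session id, finding, detail) for messages that escaped content filtering."""
    out = []
    for s in sessions.values():
        if s.skipped:
            size, limit = s.skipped
            out.append((s.sid, "scan-skipped-size", f"{size} bytes > limit {limit}"))
        # The posts show only "0 - Clean" and "4 - Spam (confirmed)"; treating every
        # non-zero spam code as a detection is an assumption.
        if s.op_code and s.score is not None and s.required is not None and s.score < s.required:
            out.append((s.sid, "op-spam-below-threshold",
                        f"OP says '{s.op_label}' but score is {s.score:.2f}/{s.required:.1f}"))
    return out


if __name__ == "__main__":
    for sid, kind, detail in findings(parse_sessions(SAMPLE_LOG)):
        print(f"session {sid}: {kind}: {detail}")
```
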







[mdaemon-l] SPAM not detected

2020-12-21 Thread Arif Santoso
Attached, Pak Syafril

Tue 2020-12-22 00:03:32.811: Session 115608; child 0008
Tue 2020-12-22 00:03:32.811: Accepting SMTP connection from 211.13.204.73:55341 
to 10.99.0.1:25
Tue 2020-12-22 00:03:32.823: --> 220 mail.eaglehighplantations.com ESMTP 
MDaemon 19.5.5; Tue, 22 Dec 2020 00:03:32 +0700
Tue 2020-12-22 00:03:32.925: <-- EHLO relay.shared-server.net
Tue 2020-12-22 00:03:32.926: EHLO/HELO response delayed 10 seconds
Tue 2020-12-22 00:03:42.926: --> 250-mail.eaglehighplantations.com Hello 
relay.shared-server.net [211.13.204.73], pleased to meet you
Tue 2020-12-22 00:03:42.926: --> 250-ETRN
Tue 2020-12-22 00:03:42.926: Location Screening hiding AUTH from country Japan
Tue 2020-12-22 00:03:42.926: --> 250-8BITMIME
Tue 2020-12-22 00:03:42.926: --> 250-ENHANCEDSTATUSCODES
Tue 2020-12-22 00:03:42.926: --> 250-STARTTLS
Tue 2020-12-22 00:03:42.926: --> 250 SIZE 5632
Tue 2020-12-22 00:03:43.046: <-- MAIL FROM: SIZE=271063
Tue 2020-12-22 00:03:43.046: Performing PTR lookup (73.204.13.211.IN-ADDR.ARPA)
Tue 2020-12-22 00:03:43.049: * D=73.204.13.211.in-addr.arpa TTL=(239) 
PTR=[relay.shared-server.net]
Tue 2020-12-22 00:03:43.051: * D=relay.shared-server.net TTL=(239) 
A=[211.13.204.69]
Tue 2020-12-22 00:03:43.051: * D=relay.shared-server.net TTL=(239) 
A=[211.13.204.70]
Tue 2020-12-22 00:03:43.051: * D=relay.shared-server.net TTL=(239) 
A=[211.13.204.71]
Tue 2020-12-22 00:03:43.051: * D=relay.shared-server.net TTL=(239) 
A=[211.13.204.74]
Tue 2020-12-22 00:03:43.051: * D=relay.shared-server.net TTL=(239) 
A=[211.13.204.73]
Tue 2020-12-22 00:03:43.051: * D=relay.shared-server.net TTL=(239) 
A=[211.13.204.68]
Tue 2020-12-22 00:03:43.051: * D=relay.shared-server.net TTL=(239) 
A=[211.13.204.67]
Tue 2020-12-22 00:03:43.051: * D=relay.shared-server.net TTL=(239) 
A=[211.13.204.65]
Tue 2020-12-22 00:03:43.051: * D=relay.shared-server.net TTL=(239) 
A=[211.13.204.72]
Tue 2020-12-22 00:03:43.051: * D=relay.shared-server.net TTL=(239) 
A=[211.13.204.66]
Tue 2020-12-22 00:03:43.051:  End PTR results
Tue 2020-12-22 00:03:43.051: Performing IP lookup (relay.shared-server.net)
Tue 2020-12-22 00:03:43.054: * D=relay.shared-server.net TTL=(239) 
A=[211.13.204.74]
Tue 2020-12-22 00:03:43.054: * D=relay.shared-server.net TTL=(239) 
A=[211.13.204.69]
Tue 2020-12-22 00:03:43.054: * D=relay.shared-server.net TTL=(239) 
A=[211.13.204.70]
Tue 2020-12-22 00:03:43.054: * D=relay.shared-server.net TTL=(239) 
A=[211.13.204.72]
Tue 2020-12-22 00:03:43.054: * D=relay.shared-server.net TTL=(239) 
A=[211.13.204.68]
Tue 2020-12-22 00:03:43.054: * D=relay.shared-server.net TTL=(239) 
A=[211.13.204.65]
Tue 2020-12-22 00:03:43.054: * D=relay.shared-server.net TTL=(239) 
A=[211.13.204.67]
Tue 2020-12-22 00:03:43.054: * D=relay.shared-server.net TTL=(239) 
A=[211.13.204.66]
Tue 2020-12-22 00:03:43.054: * D=relay.shared-server.net TTL=(239) 
A=[211.13.204.71]
Tue 2020-12-22 00:03:43.054: * D=relay.shared-server.net TTL=(239) 
A=[211.13.204.73]
Tue 2020-12-22 00:03:43.054:  End IP lookup results
Tue 2020-12-22 00:03:43.056: Performing IP lookup (elze.co.jp)
Tue 2020-12-22 00:03:43.058: * D=elze.co.jp TTL=(59) A=[211.13.196.163]
Tue 2020-12-22 00:03:43.060: * P=100 S=000 D=elze.co.jp TTL=(59) 
MX=[mx.elze.co.jp] {211.13.204.14}
Tue 2020-12-22 00:03:43.060:  End IP lookup results
Tue 2020-12-22 00:03:43.066: Performing SPF lookup (relay.shared-server.net / 
211.13.204.73)
Tue 2020-12-22 00:03:43.071: * Result: none; no SPF record in DNS
Tue 2020-12-22 00:03:43.071:  End SPF results
Tue 2020-12-22 00:03:43.071: Performing SPF lookup (elze.co.jp / 211.13.204.73)
Tue 2020-12-22 00:03:43.071: * Policy (cache): v=spf1 ip4:211.13.204.0/24 
wlinclude:ptpn2.com -all
Tue 2020-12-22 00:03:43.071: * Evaluating ip4:211.13.204.0/24: match
Tue 2020-12-22 00:03:43.071: * Result: pass
Tue 2020-12-22 00:03:43.071:  End SPF results
Tue 2020-12-22 00:03:43.071: --> 250 2.1.0 Sender OK
Tue 2020-12-22 00:03:43.171: <-- RCPT TO:
Tue 2020-12-22 00:03:43.184: Performing DNS-BL lookup (211.13.204.73 - 
connecting IP)
Tue 2020-12-22 00:03:43.400: * zen.spamhaus.org - passed
Tue 2020-12-22 00:03:43.400:  End DNS-BL results
Tue 2020-12-22 00:03:43.400: --> 250 2.1.5 Recipient OK
Tue 2020-12-22 00:03:44.958: <-- DATA
Tue 2020-12-22 00:03:44.963: Creating temp file (SMTP): 
c:\mdaemon\queues\temp\md5665844.tmp
Tue 2020-12-22 00:03:44.963: --> 354 Enter mail, end with .
Tue 2020-12-22 00:03:45.039: Message size: 271395 bytes
Tue 2020-12-22 00:03:45.045: Performing DKIM lookup
Tue 2020-12-22 00:03:45.045: * File: c:\mdaemon\queues\temp\md5665844.tmp
Tue 2020-12-22 00:03:45.045: * Message-ID: 
<20201221170450.0f61c11f...@m34-blue.in.shared-server.net>
Tue 2020-12-22 00:03:45.045: * Result: neutral
Tue 2020-12-22 00:03:45.045:  End DKIM results
Tue 2020-12-22 00:03:45.049: Spam filter scan skipped; message size (271395) 
exceeds spam filter configured max size of (102400)
Tue 2020-12-22 00:03:45.101: Message creation successful: 

[mdaemon-l] SPAM not detected

2020-12-21 Thread Syafril Hermansyah via mdaemon-l
On December 22, 2020 9:56:28 AM GMT+07:00, Arif Santoso wrote:

>
>Can I ask why SPAM that is not labelled "SPAM" can still get through?


Antispam content filtering in MDaemon works at the SMTP level.
Show the transaction from the smtp-in log, not the routing log.

Alternatively, show the full message header of that spam mail here.




-- 
syafril
--
Syafril Hermansyah

Sent from my Android device with K-9 Mail. Please excuse any typo and my brevity






[mdaemon-l] SPAM not detected

2020-12-21 Thread Arif Santoso
Dear All,

Can I ask why SPAM that is not labelled "SPAM" can still get through?

How can we stop it getting through?

 

Tue 2020-12-22 00:03:55.366: INBOUND message: md50004560236.msg

Tue 2020-12-22 00:03:55.366: * From: "helpd...@eaglehighplantations.com"


Tue 2020-12-22 00:03:55.366: * To: "helpd...@eaglehighplantations.com"


Tue 2020-12-22 00:03:55.366: * Subject: RE: [helpdesk] Operation Performance
Report Region PAPUA {01}

Tue 2020-12-22 00:03:55.367: * Message-ID:

Tue 2020-12-22 00:03:55.367: * Size: 273119;
c:\mdaemon\queues\local\md80015279779.msg

 

Rgds,

 

Arif 




[mdaemon-l] [***SPAM*** Score/Req: 10.50/5.0] Your Email-ID pembelian-morow...@thaplantation.com Suspension!!

2020-11-18 Thread Syafril Hermansyah via mdaemon-l


On 19/11/20 12.52, bonayad...@thaplantation.com wrote:
> Is this what you meant, sir?


Yes.


> Authentication-Results: mail.thaplantation.com;
> spf=pass smtp.mailfrom=ad...@ama-zw.com;
> dmarc=none header.from=ama-zw.com (p=quarantine sampling=23 pct=100);
> iprev=pass policy.iprev=185.144.30.251 (PTR finance.pserver.ru);
> iprev=pass policy.iprev=185.144.30.251 (HELO ama-zw.com);
> iprev=pass policy.iprev=185.144.30.251 (MAIL ad...@ama-zw.com)


Just block the sender host/IP.

I have already updated it in

ftp://ftp.dutaint.com/altn-mdaemon/miscl/HostScreen.dat



-- 
syafril

Syafril Hermansyah

MDaemon-L Moderator, run MDaemon 20.5.0 64bit Beta B
Please do not send private mail (or cc:) about MDaemon issues.

Most people spend their entire lives in a fantasy Island called ‘Someday I’ll.’
--- Denis Waitley






[mdaemon-l] [***SPAM*** Score/Req: 10.50/5.0] Your Email-ID pembelian-morow...@thaplantation.com Suspension!!

2020-11-18 Thread Syafril Hermansyah via mdaemon-l


On 19/11/20 09.49, bonayad...@thaplantation.com wrote:
> Our user received an email like the following. Please advise, and tell us the
> steps to take so that it does not happen again, sir.

>  Forwarded Message 
> Subject:  [***SPAM*** Score/Req: 10.50/5.0] Your Email-ID 
> pembelian-morow...@thaplantation.com Suspension!!
> Date: 17 Nov 2020 23:54:06 -0800
> From: Administrator 
> To:   pembelian-morow...@thaplantation.com


Show the message header of that spam mail here.

https://mxtoolbox.com/Public/Content/EmailHeaders/#/Netscape

-- 
syafril

Syafril Hermansyah

MDaemon-L Moderator, run MDaemon 20.5.0 64bit Beta B
Please do not send private mail (or cc:) about MDaemon issues.

Many do not realise that to become a good leader one must first have
proven oneself as someone who has been led.
--- Dahlan Iskan






[mdaemon-l] SPAM MAIL

2020-08-05 Thread Syafril Hermansyah via mdaemon-l
On 05/08/20 14.13, Hendra Wijaya via mdaemon-l wrote:

---
Please do not use top-posting style when replying on this list.
Always use bottom-posting or interleaved style, as in the following
example

https://wiki.openstack.org/wiki/MailingListEtiquette#Replies

Top posting makes reading harder because it takes time to scroll up and down to
understand the context of the conversation.

http://daringfireball.net/2007/07/on_top

The fundamental source of poor email style is the practice of quoting
the entire message you’re replying to. If that’s what you do, then it
doesn’t matter whether you put your response at the top or bottom. In
fact, if you’re going to quote the entire message, top-posting probably
is better. But both are poor form.

Writing an email is like writing an article. Only quote the relevant
parts, interspersing your new remarks between the quoted passages. Don’t
quote anything at all from the original message if you don’t have to.

Does it take more time to edit the portions of quoted text included in
your reply? Yes. So does spell-checking and proofreading. It also takes
time to shower and brush your teeth each day.

Inline replies need Internet Quote Style to distinguish the quoted text from
your own text (response text).
To have this done automatically, change the Outlook settings slightly, as follows:

https://www.slipstick.com/outlook/email/to-use-internet-style-quoting/
---

> Here are the header and content of the SPAM mail,
> 
> Subject: Periksa kerahasiaan informasi Anda (sesuai dengan layanan keamanan
> kami, akun Anda telah diretas).


That is not the message header, but the content of the mail.

A message header looks like this

https://whatismyipaddress.com/email-header

and this is how to view the message header in Outlook

https://mxtoolbox.com/Public/Content/EmailHeaders/#/Outlook_2013

In MDaemon webmail:
- select the message whose header you want to view.
- then choose the "view source" menu, either from the right-mouse-click menu or
from the icon menu.





-- 
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 20.0.1-64 bit
Please do not cc: or send private mail about MDaemon issues.

Don’t worry about failures, worry about the chances you miss when you don’t even
try.
--- Jack Canfield






[mdaemon-l] SPAM MAIL

2020-08-04 Thread Syafril Hermansyah via mdaemon-l
On 05/08/20 12.18, Hendra Wijaya via mdaemon-l wrote:
> If we often receive this SPAM email, how can we guard against it on our Mail
> Server side so that it does not reach our mail users directly?


> From: latat...@hotmeil.es [mailto:latat...@hotmeil.es]
> Sent: 04 Agustus 2020 4:37
> To: v...@nikkoindonesia.com
> Subject: Periksa kerahasiaan informasi Anda (sesuai dengan layanan keamanan 
> kami, akun Anda telah diretas).


Show the message header of this spam mail.



-- 
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 20.0.1-64 bit
Please do not cc: or send private mail about MDaemon issues.

Learn from yesterday, live for today, hope for tomorrow. The important thing is
not to stop questioning.
--- Albert Einstein






[mdaemon-l] Spam Mailing List

2020-06-23 Thread Syafril Hermansyah
On 24/06/20 09.32, Sony Aditya wrote:
>> Set the mailing list as a Private List (only member allow post)
>> http://mdaemon.dutaint.co.id/mdaemon/20.0/index.html?ml_options.htm 
>> [x] Refuse messages from non list members
> That address is indeed for coordination between divisions, so that recipients
> do not have to be listed one by one, so that step cannot be applied.


If it is an internal list, ALL_USERS:richtex.co.id can be added as a post
only member.

https://www.mail-archive.com/mdaemon-l@dutaint.com/msg35807.html

>> You can do that, or add the sender domain to the Mailing List
>> suppression (blacklist)
>> http://mdaemon.dutaint.co.id/mdaemon/20.0/index.html?ml_support_files.htm
> 
> Is there no other solution to prevent similar emails from recurring,
> whether to the mailing list or to private users, sir?


The sender IP or the sender IP identity (PTR record) can be added to the
Blacklist/Screening.

http://mdaemon.dutaint.co.id/mdaemon/20.0/index.html?security--ip_screening.htm

http://mdaemon.dutaint.co.id/mdaemon/20.0/index.html?security--host_screening.htm



-- 
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 20.0.1-64 bit Beta A
Please do not cc: or send private mail about MDaemon issues.

We are products of our past, but we don't have to be prisoners of it.
--- Rick Warren






[mdaemon-l] Spam Mailing List

2020-06-23 Thread Sony Aditya
> Set the mailing list as a Private List (only member allow post)
> http://mdaemon.dutaint.co.id/mdaemon/20.0/index.html?ml_options.htm 
> [x] Refuse messages from non list members

That address is indeed for coordination between divisions, so that recipients
do not have to be listed one by one, so that step cannot be applied.

> You can do that, or add the sender domain to the Mailing List
> suppression (blacklist)
> http://mdaemon.dutaint.co.id/mdaemon/20.0/index.html?ml_support_files.htm

Is there no other solution to prevent similar emails from recurring,
whether to the mailing list or to private users, sir?
Because that user is verified and fairly clean in my configuration,
even though when checked against blacklists the IP is listed in 4 other RBLs.

Thank you.






[mdaemon-l] Spam Mailing List

2020-06-23 Thread Syafril Hermansyah
On 24/06/20 08.21, Sony Aditya wrote:
> Please give detailed guidance on preventing spam from getting through as in
> the attached log, so that it does not recur in future with the same pattern.


Set the mailing list as a Private List (only member allow post)

http://mdaemon.dutaint.co.id/mdaemon/20.0/index.html?ml_options.htm

[x] Refuse messages from non list members

> At the moment I have only blocked serve0.sdesk1.pw [192.236.161.60].


You can do that, or add the sender domain to the Mailing List suppression
(blacklist)

http://mdaemon.dutaint.co.id/mdaemon/20.0/index.html?ml_support_files.htm



-- 
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 20.0.1-64 bit Beta A
Please do not cc: or send private mail about MDaemon issues.

Experience is a hard teacher because she gives the test first, the lesson
afterwards.
--- Vernon Saunders Law






[mdaemon-l] Spam Bulk

2019-12-28 Thread Slamet Raharjo
> > Sat 2019-12-28 11:47:28.661: -- Sat 2019-12-28 11:47:28.670:
> > LOCAL message: pd80051912321.msg Sat 2019-12-28 11:47:28.670: *  From:
> > "Slamet Raharjo"  Sat 2019-12-28 11:47:28.670: *
> > To: "Test Sukabumi" 
> 
> 
> This is not a bulk spam issue.
> Start a new thread, with a new compose and a new subject, if it is not
> related to bulk spam.

OK then.

Best Regards,

Slamet Raharjo
IT Dept.






[mdaemon-l] Spam Bulk

2019-12-27 Thread Syafril Hermansyah
On 28/12/19 12.04, Slamet Raharjo (sraha...@aio.co.id) wrote:
> Here are the results of the check:
> 
> Sat 2019-12-28 11:47:28.661: --
> Sat 2019-12-28 11:47:28.670: LOCAL message: pd80051912321.msg
> Sat 2019-12-28 11:47:28.670: *  From: "Slamet Raharjo" 
> Sat 2019-12-28 11:47:28.670: *  To: "Test Sukabumi" 


This is not a bulk spam issue.
Start a new thread, with a new compose and a new subject, if it is not
related to bulk spam.

-- 
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, MDaemon 19.5.3-64
Please do not cc: or send private mail about MDaemon issues.

The rational person responds to the world; the irrational person tries to
make the world respond to him
-- Bernard Shaw






[mdaemon-l] Spam Bulk

2019-12-27 Thread Slamet Raharjo
> > - check the head office server's POP3 log for when the file
> > \\mdaemon\users\aio.co.id\sukabumi\filexxx.msg was retrieved.
> 
> I will check it in All Logs, sir, because there are no POP3 logs.

Dear Mr. Syafril,

Here are the results of the check:

Sat 2019-12-28 11:47:28.661: --
Sat 2019-12-28 11:47:28.670: LOCAL message: pd80051912321.msg
Sat 2019-12-28 11:47:28.670: *  From: "Slamet Raharjo" 
Sat 2019-12-28 11:47:28.670: *  To: "Test Sukabumi" 
Sat 2019-12-28 11:47:28.670: *  Subject: [it-support] Test Sukabumi 17
Sat 2019-12-28 11:47:28.670: *  Message-ID: 

Sat 2019-12-28 11:47:28.670: *  Forwarded copy created; Recipient: 
sukab...@aio.co.id; Message: c:\mdaemon\localq\pd50051912322.msg
Sat 2019-12-28 11:47:28.670: *  Original message deleted; account configured to 
forward without keeping local copy
Sat 2019-12-28 11:47:28.671: *  Size: 3762; c:\mdaemon\localq\pd80051912321.msg

Sat 2019-12-28 11:47:33.690: LOCAL message: pd50051912322.msg
Sat 2019-12-28 11:47:33.690: *  From: "Slamet Raharjo" 
Sat 2019-12-28 11:47:33.690: *  To: "Test Sukabumi" 
Sat 2019-12-28 11:47:33.690: *  Subject: [it-support] Test Sukabumi 17
Sat 2019-12-28 11:47:33.690: *  Message-ID: 

Sat 2019-12-28 11:47:33.690: *  Size: 3837; 
c:\mdaemon\users\aio.co.id\sukabumi\md5008070.msg

From what I can see, the e-mail I sent to it-supp...@aio.co.id arrived fine in
the spool mailbox (sukab...@aio.co.id).

However, after it was collected via DomainPOP by the Sukabumi mail server
(satellite server), the e-mail seems to simply disappear. Is this related to
the parsing in DomainPOP?

Attached is the parsing currently configured on the satellite server (DomainPOP).

=
Here is an example of the Internet headers I checked in the spool mailbox:

1. Internet headers of the message to the mailing-list address (not received on the satellite server)

Authentication-Results: mail.aio.co.id;
auth=pass (login) smtp.auth=sraha...@aio.co.id
Received: from lhoslamet819 by aio.co.id with ESMTPA id pd50022533354.msg; 
Sat, 28 Dec 2019 11:01:08 +0700
X-Spam-Processed: mail.aio.co.id, Sat, 28 Dec 2019 11:01:08 +0700
(not processed: message from trusted or authenticated source)
X-MDArrival-Date: Sat, 28 Dec 2019 11:01:08 +0700
X-Authenticated-Sender: sraha...@aio.co.id
X-Rcpt-To: it-supp...@aio.co.id
X-MDRcpt-To: it-supp...@aio.co.id
X-Envelope-From: sraha...@aio.co.id
X-MDMailing-List: it-supp...@aio.co.id
Precedence: bulk
Sender: it-supp...@aio.co.id
X-MDAV-Result: clean
X-MDAV-Processed: mail.aio.co.id, Sat, 28 Dec 2019 11:01:08 +0700
From: "Slamet Raharjo" 
To: "Test Sukabumi" 
Subject: [it-support] Test Support 3
Date: Sat, 28 Dec 2019 11:01:02 +0700
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="=_NextPart_000_006D_01D5BD6E.194B86D0"
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AdW9M2qZsAUlLz8vR/yx2S7jyQ7u0A==
Content-Language: en-id
List-ID: 
List-Post: 
X-MDRedirect: 1
X-MDRedirect_From: test...@aio.co.id
X-Return-Path: 
X-MDaemon-Deliver-To: 

This is a multipart message in MIME format.

--=_NextPart_000_006D_01D5BD6E.194B86D0
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit

Test Support 3

 

Best Regards,

 

Slamet Raharjo

IT Dept.

 


--=_NextPart_000_006D_01D5BD6E.194B86D0--

===

2. Internet headers of the message to one of the users (this e-mail was
received fine on the satellite server)

X-MDAV-Result: clean
X-MDAV-Processed: mail.aio.co.id, Sat, 28 Dec 2019 11:12:09 +0700
Authentication-Results: mail.aio.co.id;
auth=pass (login) 

[mdaemon-l] Spam Bulk

2019-12-27 Thread Syafril Hermansyah
On 27/12/19 16.37, Slamet Raharjo (sraha...@aio.co.id) wrote:
>> If it is not in the spam folder or the inbox, then in which folder does that
>> user receive the mail?
> It is the users on the satellite server who do not receive it, sir; those on
> the master server receive it fine.


What I asked earlier was whether the users at the head office receive the mail in
the inbox or in the spam folder.

To track whether mail for members at the branch office has been received or not,
check the spam folder of the domain spooling mailbox account; in this case that
can be done through the queue and stat manager.


> Here are the logs, sir, which I took from one of the satellite servers (there
> is a "duplicate" note), as follows:


Do you mean this is the DomainPOP log on the branch server?
Ignore the duplicate parsing, because only one copy will be passed on to the
final recipient.

To check whether or not mail was received at the branch office, do not check the
DomainPOP log; check the routing log instead.

- from the mail received by a user at the head office, check its headers and
  note the From, return-path address and message-ID.

- use the message-ID number as the search keyword in the branch server's routing
log.

If it is not found, do the following:

- check the head office server's routing log, searching for that message-ID plus
the SMTP bounce address used by the distribution list.

http://mdaemon.dutaint.co.id/mdaemon/19.5/index.html?ml_notifications.htm

- check carefully whether a file with that message-ID is stored in the folder
\\mdaemon\users\aio.co.id\sukabumi (domain spooling mailbox), and note the
file name.

- check the head office server's POP3 log for when the file
\\mdaemon\users\aio.co.id\sukabumi\filexxx.msg was retrieved.









-- 
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 19.5.3-64 bit
Please do not cc: or send to private mail for MDaemon issues.

Study the past if you would define the future.
---  Confucius
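
The routing-log steps listed in the message above can be scripted. The following Python is an added example, not part of the original post or MDaemon's own tooling: it follows one Message-ID through routing-log entries, including forwarded copies, and reports the mailbox file it ended up in or the forwarded copy that was never processed. The sample log is constructed (addresses, Message-IDs and file names are made up) in the routing-log line layout quoted elsewhere in this thread, and treating a `\users\` path on the `Size:` line as final mailbox delivery is an assumption.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Constructed routing-log sample: addresses, Message-IDs and file names are
# made up; only the line layout and the c:\mdaemon\... directories follow
# the log excerpts quoted in this thread.
SAMPLE_ROUTING_LOG = r"""
Sat 2019-12-28 11:47:28.670: LOCAL message: pd00000000001.msg
Sat 2019-12-28 11:47:28.670: *  Subject: [list] constructed test 1
Sat 2019-12-28 11:47:28.670: *  Message-ID: <constructed-0001@example.test>
Sat 2019-12-28 11:47:28.670: *  Forwarded copy created; Recipient: spool@example.test; Message: c:\mdaemon\localq\pd00000000002.msg
Sat 2019-12-28 11:47:28.671: *  Size: 3762; c:\mdaemon\localq\pd00000000001.msg
Sat 2019-12-28 11:47:33.690: LOCAL message: pd00000000002.msg
Sat 2019-12-28 11:47:33.690: *  Message-ID: <constructed-0001@example.test>
Sat 2019-12-28 11:47:33.690: *  Size: 3837; c:\mdaemon\users\example.test\spool\md0000001.msg
Sat 2019-12-28 11:52:10.100: LOCAL message: pd00000000003.msg
Sat 2019-12-28 11:52:10.100: *  Message-ID: <constructed-0002@example.test>
Sat 2019-12-28 11:52:10.100: *  Forwarded copy created; Recipient: spool@example.test; Message: c:\mdaemon\localq\pd00000000004.msg
Sat 2019-12-28 11:52:10.101: *  Size: 1200; c:\mdaemon\localq\pd00000000003.msg
"""

PREFIX = re.compile(r"^\w{3} (\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3}): (?:\d{2}: )?(.*)$")
START = re.compile(r"^LOCAL message: (\S+)$")
MSGID = re.compile(r"^\*\s+Message-ID:\s*(\S*)$")
FORWARD = re.compile(r"^\*\s+Forwarded copy created; Recipient: (\S+); Message: (.+)$")
SIZE = re.compile(r"^\*\s+Size: (\d+); (.+)$")


@dataclass
class Hop:
    """One 'LOCAL message' entry of the routing log."""
    time: str
    queue_file: str
    message_id: str = ""
    forwards: List[Tuple[str, str]] = field(default_factory=list)  # (recipient, copy file)
    stored_as: str = ""


def basename(path: str) -> str:
    """File name of a Windows path, lower-cased for comparison."""
    return path.strip().rsplit("\\", 1)[-1].lower()


def parse_routing_log(text: str) -> List[Hop]:
    hops: List[Hop] = []
    current = None
    for raw in text.splitlines():
        line = PREFIX.match(raw.lstrip("> ").rstrip())
        if not line:
            continue  # blank or wrapped lines carry no timestamp
        time, body = line.groups()
        start = START.match(body)
        if start:
            current = Hop(time, start.group(1).lower())
            hops.append(current)
            continue
        if current is None:
            continue
        msgid, fwd, size = MSGID.match(body), FORWARD.match(body), SIZE.match(body)
        if msgid:
            current.message_id = msgid.group(1).strip("<>")
        elif fwd:
            current.forwards.append((fwd.group(1), basename(fwd.group(2))))
        elif size:
            current.stored_as = size.group(2).strip()
    return hops


def trace(hops: List[Hop], message_id: str) -> Dict[str, list]:
    """Follow one Message-ID, including copies forwarded under a new queue file."""
    wanted = message_id.strip("<>")
    chain: List[Hop] = []
    expected = set()  # queue files announced by 'Forwarded copy created'
    for hop in hops:
        if wanted and (hop.message_id == wanted or hop.queue_file in expected):
            chain.append(hop)
            expected.update(name for _, name in hop.forwards)
    processed = {hop.queue_file for hop in chain}
    return {
        "hops": chain,
        # Assumption: a Size: path under \users\ means the mailbox copy was written.
        "mailbox_files": [h.stored_as for h in chain if "\\users\\" in h.stored_as.lower()],
        "unprocessed_forwards": [(rcpt, name) for h in chain
                                 for rcpt, name in h.forwards if name not in processed],
    }


if __name__ == "__main__":
    parsed = parse_routing_log(SAMPLE_ROUTING_LOG)
    for mid in ("<constructed-0001@example.test>", "<constructed-0002@example.test>"):
        result = trace(parsed, mid)
        print(mid, result["mailbox_files"], result["unprocessed_forwards"])
```

An empty `hops` list means the Message-ID never reached that server's routing log, which is the point where the procedure above moves on to the head office log.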






[mdaemon-l] Spam Bulk

2019-12-27 Thread Slamet Raharjo
> If it is not in the spam folder or the inbox, then in which folder does that
> user receive the mail?

It is the users on the satellite server who do not receive it, sir; those on the
master server receive it fine.

> >> The problem is not the upgrade, but that the master-satellite
> >> configuration is not standard in MDaemon, so adjustments are needed
> >> where necessary.
> >> The MDaemon standard for a single domain on multiple servers is
> >> Domain Sharing.
> >
> > There was no Domain Sharing back then, sir. So, rather than using Direct
> > SMTP, which requires identical licenses (the number of users must be the
> > same) on every MDaemon mail server, Mr. Syafril suggested using the
> > DomainPOP concept, so that only the head office mail server has to cover
> > the total number of users and the satellites only need the factory users.
> > This has been running normally for years. Now, after upgrading to this
> > new version, there is an issue; it seems something changed or got ticked,
> > but I do not know where yet.
> 
> 
> In the new version there are actually no setting changes; it is just that
> there are many new security features that do not yet anticipate users who
> still run a master-satellite configuration with DomainPOP.
> 
> I was indeed the one who first introduced Master-Satellite, based on the
> DomainPOP feature, back when (many) internet connections were still dial-up
> (Telkomnet Instan).
> Our technicians no longer know DomainPOP well, because nowadays few of our
> users still use or plan to use DomainPOP; it has been replaced by ODMR
> (On Demand Mail Relay), which is more advanced, as broadband technology
> (wireless and wired) has developed.
> 
> DomainPOP uses the POP3 protocol while ODMR uses SMTP, but both can still
> take advantage of High Speed Asynchronous Connections such as ADSL, cable
> modem, wireless 4G/5G, wired FO broadband and so on.
> DomainPOP filters after the mail has been fully downloaded; ODMR filters at
> the SMTP level, exactly the same as Direct Incoming to SMTP.

Here are the logs, sir, which I took from one of the satellite servers (there is
a "duplicate" note), as follows:

Fri 2019-12-27 16:00:38.312: Address  parsed from 
[X-RCPT-TO:] header
Fri 2019-12-27 16:00:38.312: Address  parsed from 
[X-MDRCPT-TO:] header (duplicate)
Fri 2019-12-27 16:00:38.317: --> DELE 11
Fri 2019-12-27 16:00:38.324: <-- +OK message 11 deleted
Fri 2019-12-27 16:00:38.324: --> LIST 21
Fri 2019-12-27 16:00:38.330: <-- +OK 21 57418
Fri 2019-12-27 16:00:38.330: --> RETR 21
Fri 2019-12-27 16:00:38.337: <-- +OK 57418 octets
Fri 2019-12-27 16:00:38.344: Transmission complete
Fri 2019-12-27 16:00:38.345: Address  parsed from 
[X-RCPT-TO:] header
Fri 2019-12-27 16:00:38.345: Address  parsed from 
[X-MDRCPT-TO:] header (duplicate)
Fri 2019-12-27 16:00:38.348: --> DELE 21
Fri 2019-12-27 16:00:38.355: <-- +OK message 21 deleted
Fri 2019-12-27 16:00:38.355: --> LIST 5
Fri 2019-12-27 16:00:38.361: <-- +OK 5 57421
Fri 2019-12-27 16:00:38.361: --> RETR 5
Fri 2019-12-27 16:00:38.368: <-- +OK 57421 octets
Fri 2019-12-27 16:00:38.376: Transmission complete
Fri 2019-12-27 16:00:38.376: Address  parsed from 
[X-RCPT-TO:] header
Fri 2019-12-27 16:00:38.376: Address  parsed from 
[X-MDRCPT-TO:] header (duplicate)
Fri 2019-12-27 16:00:38.380: --> DELE 5
Fri 2019-12-27 16:00:38.387: <-- +OK message 5 deleted
Fri 2019-12-27 16:00:38.387: --> LIST 8
Fri 2019-12-27 16:00:38.393: <-- +OK 8 57421
Fri 2019-12-27 16:00:38.393: --> RETR 8
Fri 2019-12-27 16:00:38.400: <-- +OK 57421 octets
Fri 2019-12-27 16:00:38.407: Transmission complete
Fri 2019-12-27 16:00:38.407: Address  parsed from 
[X-RCPT-TO:] header
Fri 2019-12-27 16:00:38.408: Address  parsed from 
[X-MDRCPT-TO:] header (duplicate)
Fri 2019-12-27 16:00:38.411: --> DELE 8
Fri 2019-12-27 16:00:38.418: <-- +OK message 8 deleted
Fri 2019-12-27 16:00:38.418: --> LIST 41
Fri 2019-12-27 16:00:38.424: <-- +OK 41 57421
Fri 2019-12-27 16:00:38.424: --> RETR 41
Fri 2019-12-27 16:00:38.430: <-- +OK 57421 octets
Fri 2019-12-27 16:00:38.437: Transmission complete
Fri 2019-12-27 16:00:38.438: Address  parsed from 
[X-RCPT-TO:] header
Fri 2019-12-27 16:00:38.438: Address  parsed from 
[X-MDRCPT-TO:] header (duplicate)
Fri 2019-12-27 16:00:38.441: --> DELE 41
Fri 2019-12-27 16:00:38.448: <-- +OK message 41 deleted
Fri 2019-12-27 16:00:38.448: --> LIST 34
Fri 2019-12-27 16:00:38.454: <-- +OK 34 57422
Fri 2019-12-27 16:00:38.454: --> RETR 34
Fri 2019-12-27 16:00:38.460: <-- +OK 57422 octets
Fri 2019-12-27 16:00:38.467: Transmission complete
Fri 2019-12-27 16:00:38.468: Address  parsed from 
[X-RCPT-TO:] header
Fri 2019-12-27 16:00:38.468: Address  parsed from 
[X-MDRCPT-TO:] header (duplicate)
Fri 2019-12-27 16:00:38.471: --> DELE 34
Fri 2019-12-27 16:00:38.477: <-- +OK message 34 deleted
Fri 2019-12-27 16:00:38.477: --> LIST 23
Fri 2019-12-27 16:00:38.483: <-- +OK 23 57427
Fri 2019-12-27 16:00:38.484: --> RETR 23
Fri 2019-12-27 16:00:38.490: <-- +OK 57427 octets
Fri 2019-12-27 16:00:38.498: Transmission complete
Fri 2019-12-27 

[mdaemon-l] Spam Bulk

2019-12-27 Thread Syafril Hermansyah
On 27/12/19 15.36, Slamet Raharjo (sraha...@aio.co.id) wrote:
>> Received in the inbox or the spam folder?
> Neither.

If it is not in the spam folder or the inbox, then in which folder does that
user receive the mail?

>> The problem is not the upgrade, but that the master-satellite configuration
>> is not standard in MDaemon, so adjustments are needed where necessary.
>> The MDaemon standard for a single domain on multiple servers is Domain
>> Sharing.
> 
> There was no Domain Sharing back then, sir. So, rather than using Direct SMTP,
> which requires identical licenses (the number of users must be the same) on
> every MDaemon mail server, Mr. Syafril suggested using the DomainPOP concept,
> so that only the head office mail server has to cover the total number of
> users and the satellites only need the factory users. This has been running
> normally for years. Now, after upgrading to this new version, there is an
> issue; it seems something changed or got ticked, but I do not know where yet.


In the new version there are actually no setting changes; it is just that there
are many new security features that do not yet anticipate users who still run a
master-satellite configuration with DomainPOP.

I was indeed the one who first introduced Master-Satellite, based on the
DomainPOP feature, back when (many) internet connections were still dial-up
(Telkomnet Instan).
Our technicians no longer know DomainPOP well, because nowadays few of our users
still use or plan to use DomainPOP; it has been replaced by ODMR (On Demand Mail
Relay), which is more advanced, as broadband technology (wireless and wired) has
developed.

DomainPOP uses the POP3 protocol while ODMR uses SMTP, but both can still take
advantage of High Speed Asynchronous Connections such as ADSL, cable modem,
wireless 4G/5G, wired FO broadband and so on.
DomainPOP filters after the mail has been fully downloaded; ODMR filters at the
SMTP level, exactly the same as Direct Incoming to SMTP.





-- 
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 19.5.3-64 bit
Please do not cc: or send to private mail for MDaemon issues.

In learning you will teach, and in teaching you will learn.
---  Phil Collins






[mdaemon-l] Spam Bulk

2019-12-27 Thread Slamet Raharjo
> Received in the inbox or the spam folder?

Neither.

> > What might be the cause, sir?
> 
> 
> If the members at the head office receive the mail, then the members at the
> branch office will receive it too.
> Try checking the spam folder of the branch office's domain spooling mailbox
> account; it may be stuck there.
> 
> For the domain spooling mailbox account specifically there should be no IMAP
> filtering; let the filtering be done by the branch office's MDaemon server.
> 
> http://mdaemon.dutaint.co.id/mdaemon/19.5/index.html?ae_filters.htm
> 
> > This happened after upgrading the mail server to 19.5.3
> 
> 
> The problem is not the upgrade, but that the master-satellite configuration
> is not standard in MDaemon, so adjustments are needed where necessary.
> The MDaemon standard for a single domain on multiple servers is Domain
> Sharing.

There was no Domain Sharing back then, sir. So, rather than using Direct SMTP,
which requires identical licenses (the number of users must be the same) on
every MDaemon mail server, Mr. Syafril suggested using the DomainPOP concept, so
that only the head office mail server has to cover the total number of users and
the satellites only need the factory users. This has been running normally for
years. Now, after upgrading to this new version, there is an issue; it seems
something changed or got ticked, but I do not know where yet.

Best Regards,

Slamet Raharjo
IT Dept.









[mdaemon-l] Spam Bulk

2019-12-26 Thread Syafril Hermansyah
On 27/12/19 14.29, Slamet Raharjo (sraha...@aio.co.id) wrote:
> After checking, the distribution-list members on the head office mail server
> did in fact receive the e-mail, but the members on the satellite server did
> not,


Received in the inbox or the spam folder?

> What might be the cause, sir?


If the members at the head office receive the mail, then the members at the
branch office will receive it too.
Try checking the spam folder of the branch office's domain spooling mailbox
account; it may be stuck there.

For the domain spooling mailbox account specifically there should be no IMAP
filtering; let the filtering be done by the branch office's MDaemon server.

http://mdaemon.dutaint.co.id/mdaemon/19.5/index.html?ae_filters.htm

> This happened after upgrading the mail server to 19.5.3


The problem is not the upgrade, but that the master-satellite configuration is
not standard in MDaemon, so adjustments are needed where necessary.
The MDaemon standard for a single domain on multiple servers is Domain Sharing.




-- 
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 19.5.3-64 bit
Please do not cc: or send to private mail for MDaemon issues.

Many do not realize that to be a good leader one must actually have proven
oneself as someone who has been led.
--- Dahlan Iskan






[mdaemon-l] Spam Bulk

2019-12-26 Thread Slamet Raharjo
> Ask all members to check the spam folder (Junk Email folder) in webmail
> and in their email client and move the message to the inbox folder.
> It would be even better to also add the sender address to the
> Webmail Whitelist Contact.
> 
> 
> > If it is rejected, how do I make an exception so that it is not rejected?
> 
> 
> It should not be rejected if the spam score is still standard (range +5.0 to
> +12.0)
> 
> http://mdaemon.dutaint.co.id/mdaemon/19.5/index.html?sf_spam_filtering.htm
> 
> To have mail from a particular sender bypass antispam content filtering and
> Outbreak Protection, add that mail's return-path address to the
> whitelist no filtering.
> 
> http://mdaemon.dutaint.co.id/mdaemon/19.5/index.html?sf_white_list.htm

After checking, the distribution-list members on the head office mail server
did in fact receive the e-mail, but the members on the satellite server did
not.
What might be the cause, sir?

This happened after upgrading the mail server to 19.5.3

Best Regards,

Slamet Raharjo
IT Dept.






[mdaemon-l] Spam Bulk

2019-12-26 Thread Syafril Hermansyah
On 27/12/19 13.29, Slamet Raharjo (sraha...@aio.co.id) wrote:
> Please advise: after upgrading to MDaemon 19.5.3, e-mail from our SAP
> system that is sent to a local distribution-list address is being
> treated as spam, result:3 -Spam (bulk).
> Does this mean the e-mail is rejected by the mail server? None of the
> distribution-list members received the e-mail.


Not necessarily rejected; it may well have gone to the IMAP (webmail) spam folder.
Check the smtp-in log to see whether or not it was really rejected, as well as
that message's spam score.

Ask all members to check the spam folder (Junk Email folder) in webmail and in
their email client and move the message to the inbox folder.
It would be even better to also add the sender address to the Webmail
Whitelist Contact.


> If it is rejected, how do I make an exception so that it is not rejected?


It should not be rejected if the spam score is still standard (range +5.0 to +12.0)

http://mdaemon.dutaint.co.id/mdaemon/19.5/index.html?sf_spam_filtering.htm

To have mail from a particular sender bypass antispam content filtering and
Outbreak Protection, add that mail's return-path address to the whitelist no
filtering.

http://mdaemon.dutaint.co.id/mdaemon/19.5/index.html?sf_white_list.htm



-- 
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 19.5.3-64 bit
Please do not cc: or send to private mail for MDaemon issues.

We do not remember days, we remember moments.
--- Cesare Pavese






[mdaemon-l] SPAM Email

2019-08-15 Thread Syafril Hermansyah
On 15/08/19 09.01, Anjas Wahyu Nurhayanto (an...@inticipta.co.id) wrote:
>> Does that user often browse on an iOS device (iPhone, iPad) with the
>> Safari browser?
> Possibly, since they are an iPhone user, but I need to confirm this
> with the person concerned.


If they use Safari, they need to clear the cache and browsing history
regularly and enable the pop-up blocker.

https://support.apple.com/en-us/HT201265

>>
>> The spam threshold should be a minimum of +5.0 and a maximum of +12.0
>>
>> http://mdaemon.dutaint.co.id/mdaemon/19.0/index.html?sf_spam_filtering.htm
> The spam filter settings on our MDaemon already follow the recommendation,


Oh right, in MD 19.0.x what is displayed is the maximum spam score.
With a spam score above +5.0 that spam mail should go to the Spam
folder (Junk Email folder), so it will not bother the user.

> sir. Apart from that, is there anything else I need to check?


Ask the user to check the spam folder in the IMAP client periodically (it
does not have to be all the time), then move that spam mail to the public folder
bayesian system learning/spam so that it updates the Bayesian spam score.





-- 
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 19.0.3-64 bit
Please do not cc: or send to private mail for MDaemon issues.

Leadership and learning are indispensable to each other
--- John F. Kennedy






[mdaemon-l] SPAM Email

2019-08-14 Thread Anjas Wahyu Nurhayanto
> Do you mean the user yust...@aksball.co.id?
Correct, sir.

> Does that user often browse on an iOS device (iPhone, iPad) with the
> Safari browser?
Possibly, since they are an iPhone user, but I need to confirm this
with the person concerned.

> All of those mails were detected as spam by Outbreak Protection, but
> they did not go to the spam folder in webmail because the spam score
> threshold is too high.
>
> The spam threshold should be a minimum of +5.0 and a maximum of +12.0
>
> http://mdaemon.dutaint.co.id/mdaemon/19.0/index.html?sf_spam_filtering.htm
The spam filter settings on our MDaemon already follow the recommendation,
sir. Apart from that, is there anything else I need to check?

-- 
Warm Regards,

Anjas




[mdaemon-l] SPAM Email

2019-08-13 Thread Syafril Hermansyah
On 14/08/19 07.27, Anjas Wahyu Nurhayanto (an...@inticipta.co.id) wrote:
> Please help check this based on the attached mail header and log.
> This one user of ours very often receives spam email like this.
> It has been blocked many times, but the spam still gets into
> the inbox.


Do you mean the user yust...@aksball.co.id?
Does that user often browse on an iOS device (iPhone, iPad) with the
Safari browser?

> Mon 2019-08-12 17:50:56.235: 07: *  4.9 MDAEMON_OP_SPAM_HIGH MDaemon: 
> spam/phish
> Mon 2019-08-12 17:50:56.235: 07: Spam Filter score/req: 8.50/12.0


All of those mails were detected as spam by Outbreak Protection, but
they did not go to the spam folder in webmail because the spam score
threshold is too high.

The spam threshold should be a minimum of +5.0 and a maximum of +12.0

http://mdaemon.dutaint.co.id/mdaemon/19.0/index.html?sf_spam_filtering.htm




-- 
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 19.0.3-64 bit
Please do not cc: or send to private mail for MDaemon issues.

Leadership and learning are indispensable to each other
--- John F. Kennedy
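
The score lines quoted in the message above can be checked in bulk rather than one at a time. The following Python is an added example, not part of the original post or MDaemon's own tooling: it parses `Spam Filter score/req` lines and the rule hits before them, in the line format quoted in this thread, and lists the messages that scored as spam without reaching the reject score. The sample log is constructed, the `EXAMPLE_RULE_*` names are made up, and reading +5.0 as the spam-folder score and +12.0 as the reject score is an assumption based on the range recommended here.

```python
import re
from dataclasses import dataclass, field
from typing import List, Tuple

# Range recommended in this thread. Assumption of this example: 5.0 is the
# score at which mail is filed as spam, 12.0 the score at which it is rejected.
TAG_AT = 5.0
REJECT_AT = 12.0

# Constructed sample in the line format quoted in this thread (timestamp,
# two-digit level code, text). EXAMPLE_RULE_* names are made up.
SAMPLE_LOG = """\
Mon 2019-08-12 17:50:56.235: 07: *  4.9 MDAEMON_OP_SPAM_HIGH MDaemon: spam/phish
Mon 2019-08-12 17:50:56.235: 07: *  3.6 EXAMPLE_RULE_A constructed rule hit
Mon 2019-08-12 17:50:56.235: 07: Spam Filter score/req: 8.50/12.0
Tue 2019-08-13 09:10:01.100: 07: *  0.8 EXAMPLE_RULE_B constructed rule hit
Tue 2019-08-13 09:10:01.100: 07: Spam Filter score/req: 0.80/12.0
Tue 2019-08-13 09:15:44.020: 07: *  4.9 MDAEMON_OP_SPAM_HIGH MDaemon: spam/phish
Tue 2019-08-13 09:15:44.020: 07: *  9.0 EXAMPLE_RULE_C constructed rule hit
Tue 2019-08-13 09:15:44.020: 07: Spam Filter score/req: 13.90/12.0
"""

PREFIX = re.compile(r"^\w{3} (\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3}): (?:\d{2}: )?(.*)$")
RULE = re.compile(r"^\*\s+(-?\d+(?:\.\d+)?)\s+([A-Z0-9_]+)\b")
SCORE = re.compile(r"^Spam Filter score/req: (-?\d+(?:\.\d+)?)/(-?\d+(?:\.\d+)?)")


@dataclass
class Verdict:
    """One scored message: the score line plus the rule hits logged before it."""
    time: str
    score: float
    required: float
    rules: List[Tuple[float, str]] = field(default_factory=list)

    @property
    def expected(self) -> str:
        """Where the message should end up under the recommended range."""
        if self.score >= REJECT_AT:
            return "reject"
        if self.score >= TAG_AT:
            return "spam-folder"
        return "inbox"

    @property
    def top_rule(self) -> str:
        """Name of the rule that contributed the most points, if any."""
        return max(self.rules)[1] if self.rules else ""


def parse_spam_filter_log(text: str) -> List[Verdict]:
    verdicts: List[Verdict] = []
    pending: List[Tuple[float, str]] = []
    for raw in text.splitlines():
        # Accept lines pasted from a mail reply ("> " quoting) as well.
        line = PREFIX.match(raw.lstrip("> ").rstrip())
        if not line:
            continue  # wrapped continuation lines carry no timestamp
        time, body = line.groups()
        rule = RULE.match(body)
        if rule:
            pending.append((float(rule.group(1)), rule.group(2)))
            continue
        score = SCORE.match(body)
        if score:
            verdicts.append(
                Verdict(time, float(score.group(1)), float(score.group(2)), pending))
            pending = []
    return verdicts


def spam_folder_candidates(verdicts: List[Verdict]) -> List[Verdict]:
    """Messages scored as spam but not rejected: these belong in the spam
    folder, so finding them in the inbox points at the filing option."""
    return [v for v in verdicts if v.expected == "spam-folder"]


if __name__ == "__main__":
    for v in parse_spam_filter_log(SAMPLE_LOG):
        print(v.time, f"{v.score:.2f}/{v.required:.1f}", v.expected, v.top_rule)
```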






[mdaemon-l] SPAM Email

2019-08-13 Thread Anjas Wahyu Nurhayanto
Dear Mr. Syafril,

Please help check this based on the attached mail header and log.
This one user of ours very often receives spam email like this.
It has been blocked many times, but the spam still gets into
the inbox.

-- 
Warm Regards,

Anjas

Tue 2019-08-13 07:42:11.705: 05: Session 042607; child 0001
Tue 2019-08-13 07:42:11.705: 05: Accepting SMTP connection from 
64.235.40.8:42212 to 10.0.0.1:25
Tue 2019-08-13 07:42:11.709: 03: --> 220 aksball.co.id ESMTP Tue, 13 Aug 2019 
07:42:11 +0700
Tue 2019-08-13 07:42:11.903: 02: <-- EHLO atlas02.gates2host.com
Tue 2019-08-13 07:42:11.903: 03: --> 250-aksball.co.id Hello 
atlas02.gates2host.com [64.235.40.8], pleased to meet you
Tue 2019-08-13 07:42:11.903: 03: --> 250-ETRN
Tue 2019-08-13 07:42:11.903: 03: --> 250-AUTH LOGIN PLAIN
Tue 2019-08-13 07:42:11.903: 03: --> 250-8BITMIME
Tue 2019-08-13 07:42:11.903: 03: --> 250-ENHANCEDSTATUSCODES
Tue 2019-08-13 07:42:11.903: 03: --> 250 SIZE
Tue 2019-08-13 07:42:12.093: 02: <-- MAIL FROM: SIZE=892739
Tue 2019-08-13 07:42:12.094: 05: Performing PTR lookup 
(8.40.235.64.IN-ADDR.ARPA)
Tue 2019-08-13 07:42:12.655: 05: *  D=8.40.235.64.IN-ADDR.ARPA TTL=(0) 
PTR=[atlas.gates2host.com]
Tue 2019-08-13 07:42:13.113: 05: *  D=atlas.gates2host.com TTL=(0) 
A=[64.235.40.8]
Tue 2019-08-13 07:42:13.113: 05:  End PTR results
Tue 2019-08-13 07:42:13.115: 05: Performing IP lookup (atlas02.gates2host.com)
Tue 2019-08-13 07:42:13.529: 05: *  D=atlas02.gates2host.com TTL=(0) 
A=[64.235.40.8]
Tue 2019-08-13 07:42:13.529: 05: *  D=atlas02.gates2host.com TTL=(0) 
A=[64.235.40.28]
Tue 2019-08-13 07:42:13.529: 05: *  D=atlas02.gates2host.com TTL=(0) 
A=[64.235.40.29]
Tue 2019-08-13 07:42:13.529: 05: *  D=atlas02.gates2host.com TTL=(0) 
A=[64.235.40.30]
Tue 2019-08-13 07:42:13.529: 05:  End IP lookup results
Tue 2019-08-13 07:42:13.531: 05: Performing IP lookup (coscon.com)
Tue 2019-08-13 07:42:13.795: 05: *  D=coscon.com TTL=(0) A=[210.13.120.41]
Tue 2019-08-13 07:42:13.949: 05: *  P=005 S=000 D=coscon.com TTL=(0) 
MX=[coscon-com.mail.protection.outlook.com] {104.47.124.36}
Tue 2019-08-13 07:42:13.949: 05:  End IP lookup results
Tue 2019-08-13 07:42:13.950: 09: Performing SPF lookup (atlas02.gates2host.com 
/ 64.235.40.8)
Tue 2019-08-13 07:42:17.916: 09: *  Result: none; no SPF record in DNS
Tue 2019-08-13 07:42:17.916: 09:  End SPF results
Tue 2019-08-13 07:42:17.916: 09: Performing SPF lookup (coscon.com / 
64.235.40.8)
Tue 2019-08-13 07:42:18.171: 09: *  Policy: v=spf1 
include:spf.protection.outlook.com mx ip4:210.13.120.43/32 ip4:61.152.170.78/32 
ip4:146.222.247.57/32 ip4:146.222.247.58/32 ip4:63.247.189.109/32 
ip4:146.222.19.5/32 ip4:211.136.98.112/32 ip4:180.169.18.27/32 
ip4:146.222.19.7/32 ~all
Tue 2019-08-13 07:42:18.171: 09: *  Evaluating 
include:spf.protection.outlook.com: performing lookup
Tue 2019-08-13 07:42:18.225: 09: *Policy: v=spf1 ip4:207.46.100.0/24 
ip4:207.46.163.0/24 ip4:65.55.169.0/24 ip4:157.56.110.0/23 ip4:157.55.234.0/24 
ip4:213.199.154.0/24 ip4:213.199.180.128/26 ip4:52.100.0.0/14 
include:spfa.protection.outlook.com -all
Tue 2019-08-13 07:42:18.225: 09: *Evaluating ip4:207.46.100.0/24: no match
Tue 2019-08-13 07:42:18.225: 09: *Evaluating ip4:207.46.163.0/24: no match
Tue 2019-08-13 07:42:18.225: 09: *Evaluating ip4:65.55.169.0/24: no match
Tue 2019-08-13 07:42:18.225: 09: *Evaluating ip4:157.56.110.0/23: no match
Tue 2019-08-13 07:42:18.225: 09: *Evaluating ip4:157.55.234.0/24: no match
Tue 2019-08-13 07:42:18.225: 09: *Evaluating ip4:213.199.154.0/24: no match
Tue 2019-08-13 07:42:18.225: 09: *Evaluating ip4:213.199.180.128/26: no 
match
Tue 2019-08-13 07:42:18.225: 09: *Evaluating ip4:52.100.0.0/14: no match
Tue 2019-08-13 07:42:18.225: 09: *Evaluating 
include:spfa.protection.outlook.com: performing lookup
Tue 2019-08-13 07:42:18.335: 09: *  Policy: v=spf1 ip4:157.56.112.0/24 
ip4:207.46.51.64/26 ip4:64.4.22.64/26 ip4:40.92.0.0/15 ip4:40.107.0.0/16 
ip4:134.170.140.0/24 include:spfb.protection.outlook.com 
ip6:2001:489a:2202::/48 -all
Tue 2019-08-13 07:42:18.335: 09: *  Evaluating ip4:157.56.112.0/24: no match
Tue 2019-08-13 07:42:18.335: 09: *  Evaluating ip4:207.46.51.64/26: no match
Tue 2019-08-13 07:42:18.335: 09: *  Evaluating ip4:64.4.22.64/26: no match
Tue 2019-08-13 07:42:18.335: 09: *  Evaluating ip4:40.92.0.0/15: no match
Tue 2019-08-13 07:42:18.335: 09: *  Evaluating ip4:40.107.0.0/16: no match
Tue 2019-08-13 07:42:18.335: 09: *  Evaluating 

[mdaemon-l] SPAM Email

2019-07-28 Thread Syafril Hermansyah
On 29/07/19 08.11, Anjas Wahyu Nurhayanto (an...@inticipta.co.id) wrote:
>> https://www.mail-archive.com/mdaemon-l@dutaint.com/msg39757.html
>> https://www.mail-archive.com/mdaemon-l@dutaint.com/msg39756.html
> Thank you for the explanation, sir, but after checking I found that
> several links in that archive no longer have any content; the
> website says "404 - File or directory not found".


It has been fixed.
Try now.



-- 
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 19.0.3-64 bit
Please do not cc: or send to private mail for MDaemon issues.

Learning without thought is labor lost; thought without learning is
perilous.
--- Confucius (551 BC - 479 BC), The Confucian Analects






[mdaemon-l] SPAM Email

2019-07-28 Thread Anjas Wahyu Nurhayanto
> https://www.mail-archive.com/mdaemon-l@dutaint.com/msg39757.html
> https://www.mail-archive.com/mdaemon-l@dutaint.com/msg39756.html

Thank you for the explanation, sir, but after checking I found that
several links in that archive no longer have any content; the
website says "404 - File or directory not found".

-- 
Warm Regards,

Anjas




[mdaemon-l] SPAM Email

2019-07-25 Thread Syafril Hermansyah
On 25/07/19 13.43, Syafril Hermansyah (syaf...@dutaint.co.id) wrote:
> 
>> Tue 2019-07-23 07:42:06.376: 07: Spam Filter score/req: 5.30/12.0
> 
> Enable the option "Move spam into user's IMAP spam folder automatically"
> 
> http://mdaemon.dutaint.co.id/mdaemon/19.0/index.html?sf_options.htm
> 
> When the user checks the spam folder through webmail, they can add the
> sender address to the blacklist contact.


Sorry, I forgot to add that the complete settings are here:


https://www.mail-archive.com/mdaemon-l@dutaint.com/msg39757.html
https://www.mail-archive.com/mdaemon-l@dutaint.com/msg39756.html

> The name of the Spam/Junk Email folder can be defined from the following menu
> 
> http://mdaemon.dutaint.co.id/mdaemon/19.0/index.html?preferences_system.htm
> 
> Default spam folder name: 
> 
> How to add an address to the blacklist contact:
> 
> https://www.altn.com/Support/KnowledgeBase/KnowledgeBaseResults/?Number=832


Blacklist and whitelist contacts only become active once the antispam
settings match the links above.

The whitelist contact is filled/updated automatically when a sender sends
mail to a recipient on the internet (the recipient address is automatically
added to the whitelist contact), provided the sender sends the mail through
webmail or uses an email client with SMTP authentication enabled.

Blacklist and whitelist contacts bypass antispam content filtering.




-- 
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 19.0.3-64 bit
Please do not cc: or send to private mail for MDaemon issues.

Learning without thought is labor lost; thought without learning is
perilous.
--- Confucius (551 BC - 479 BC), The Confucian Analects






[mdaemon-l] SPAM Email

2019-07-25 Thread Anjas Wahyu Nurhayanto
> Enable the option "Move spam into user's IMAP spam folder automatically"
>
> http://mdaemon.dutaint.co.id/mdaemon/19.0/index.html?sf_options.htm
>
> When the user checks the spam folder through webmail, they can add the
> sender address to the blacklist contact.
>
> The name of the Spam/Junk Email folder can be defined from the following menu
>
> http://mdaemon.dutaint.co.id/mdaemon/19.0/index.html?preferences_system.htm
>
> Default spam folder name: 
>
> How to add an address to the blacklist contact:
>
> https://www.altn.com/Support/KnowledgeBase/KnowledgeBaseResults/?Number=832

Good morning, Sir. Thank you for your help and cooperation.


-- 
Warm Regards,

Anjas




[mdaemon-l] SPAM Email

2019-07-25 Thread Syafril Hermansyah
On 25/07/19 10.15, Anjas Wahyu Nurhayanto (an...@inticipta.co.id) wrote:
> Sorry, Sir, one more log was left out. Attached is another spam email
> log, from a different sender.


> Tue 2019-07-23 07:42:06.376: 07: Spam Filter score/req: 5.30/12.0


Enable the option "Move spam into user's IMAP spam folder automatically"

http://mdaemon.dutaint.co.id/mdaemon/19.0/index.html?sf_options.htm

When the user checks the spam folder through webmail, they can add the
sender address to the blacklist contact.

The name of the Spam/Junk Email folder can be defined from the following menu

http://mdaemon.dutaint.co.id/mdaemon/19.0/index.html?preferences_system.htm

Default spam folder name: 

How to add an address to the blacklist contact:

https://www.altn.com/Support/KnowledgeBase/KnowledgeBaseResults/?Number=832

-- 
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 19.0.3-64 bit
Please do not cc: or send to private mail for MDaemon issues.

Experience is a hard teacher because she gives the test first, the
lesson afterwards.
--- Vernon Saunders Law






[mdaemon-l] SPAM Email

2019-07-25 Thread Syafril Hermansyah
On 25/07/19 10.08, Anjas Wahyu Nurhayanto (an...@inticipta.co.id) wrote:
> Below is the log of a spam email that arrived in the inbox of one of our
> users. Please advise: how can we keep this kind of spam from reaching
> the inbox, Sir?


> Tue 2019-07-23 17:02:38.380: 07: Spam Filter score/req: 11.10/12.0


Enable the following option in antispam content filtering.

http://mdaemon.dutaint.co.id/mdaemon/19.0/index.html?sf_options.htm

[x] Move spam into user's IMAP spam folder automatically

That way the mail will go into the Junk Email folder (or spam
folder) in webmail (IMAP).

-- 
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 19.0.3-64 bit
Please do not cc: or send to private mail for MDaemon issues.

Study the past if you would define the future.
---  Confucius






[mdaemon-l] SPAM Email

2019-07-24 Thread Anjas Wahyu Nurhayanto
Dear Mr. Syafril,

> Below is the log of a spam email that arrived in the inbox of one of our
> users. Please advise: how can we keep this kind of spam from reaching
> the inbox, Sir?

Sorry, Sir, one more log was left out. Attached is another spam email
log, from a different sender.
-- 
Warm Regards,

Anjas



SMTP-(in).log
Description: Binary data


[mdaemon-l] SPAM Email

2019-07-24 Thread Anjas Wahyu Nurhayanto
Dear Mr. Syafril,

Below is the log of a spam email that arrived in the inbox of one of our
users. Please advise: how can we keep this kind of spam from reaching
the inbox, Sir?

-- 
Warm Regards,

Anjas

Tue 2019-07-23 17:02:19.121: 05: Session 940740; child 0001
Tue 2019-07-23 17:02:19.121: 05: Accepting SMTP connection from 
46.151.8.4:17833 to 10.0.0.1:25
Tue 2019-07-23 17:02:19.125: 03: --> 220 aksball.co.id ESMTP Tue, 23 Jul 2019 
17:02:19 +0700
Tue 2019-07-23 17:02:19.330: 02: <-- EHLO mail.nemiya.com
Tue 2019-07-23 17:02:19.331: 03: --> 250-aksball.co.id Hello mail.nemiya.com 
[46.151.8.4], pleased to meet you
Tue 2019-07-23 17:02:19.331: 03: --> 250-ETRN
Tue 2019-07-23 17:02:19.331: 03: --> 250-AUTH LOGIN PLAIN
Tue 2019-07-23 17:02:19.331: 03: --> 250-8BITMIME
Tue 2019-07-23 17:02:19.331: 03: --> 250-ENHANCEDSTATUSCODES
Tue 2019-07-23 17:02:19.331: 03: --> 250 SIZE
Tue 2019-07-23 17:02:19.537: 02: <-- MAIL FROM: SIZE=31090
Tue 2019-07-23 17:02:19.538: 05: Performing PTR lookup (4.8.151.46.IN-ADDR.ARPA)
Tue 2019-07-23 17:02:19.562: 05: *  D=4.8.151.46.IN-ADDR.ARPA TTL=(15) 
PTR=[mail.nemiya.com]
Tue 2019-07-23 17:02:19.588: 05: *  D=mail.nemiya.com TTL=(254) A=[46.151.8.4]
Tue 2019-07-23 17:02:19.588: 05:  End PTR results
Tue 2019-07-23 17:02:19.590: 05: Performing IP lookup (mail.nemiya.com)
Tue 2019-07-23 17:02:19.590: 05: *  D=mail.nemiya.com TTL=(254) A=[46.151.8.4]
Tue 2019-07-23 17:02:19.590: 05:  End IP lookup results
Tue 2019-07-23 17:02:19.592: 05: Performing IP lookup (nemiya.com)
Tue 2019-07-23 17:02:19.614: 05: *  D=nemiya.com TTL=(9) A=[46.151.10.50]
Tue 2019-07-23 17:02:19.637: 05: *  P=010 S=000 D=nemiya.com TTL=(323) 
MX=[mail.nemiya.com] {46.151.8.4}
Tue 2019-07-23 17:02:19.637: 05:  End IP lookup results
Tue 2019-07-23 17:02:19.638: 09: Performing SPF lookup (mail.nemiya.com / 
46.151.8.4)
Tue 2019-07-23 17:02:19.660: 09: *  Result: none; no SPF record in DNS
Tue 2019-07-23 17:02:19.660: 09:  End SPF results
Tue 2019-07-23 17:02:19.660: 09: Performing SPF lookup (nemiya.com / 46.151.8.4)
Tue 2019-07-23 17:02:19.680: 09: *  Policy: v=spf1 ip4:46.151.8.4 
include:_spf.yandex.net include:mail.nemiya.com include:_sfp.googl.com ~all
Tue 2019-07-23 17:02:19.680: 09: *  Evaluating ip4:46.151.8.4: match
Tue 2019-07-23 17:02:19.680: 09: *  Result: pass
Tue 2019-07-23 17:02:19.680: 09:  End SPF results
Tue 2019-07-23 17:02:19.680: 03: --> 250 2.1.0 Sender OK
Tue 2019-07-23 17:02:19.886: 02: <-- RCPT TO:
Tue 2019-07-23 17:02:19.891: 03: --> 250 2.1.5 Recipient OK
Tue 2019-07-23 17:02:20.097: 02: <-- DATA
Tue 2019-07-23 17:02:20.099: 01: Creating temp file (SMTP): 
d:\mdaemon\queues\temp\md5301173.tmp
Tue 2019-07-23 17:02:20.099: 03: --> 354 Enter mail, end with .
Tue 2019-07-23 17:02:21.388: 01: Message size: 30445 bytes
Tue 2019-07-23 17:02:21.389: 10: Performing DKIM lookup
Tue 2019-07-23 17:02:21.389: 10: *  File: 
d:\mdaemon\queues\temp\md5301173.tmp
Tue 2019-07-23 17:02:21.389: 10: *  Message-ID: 
<20190718194303.35971adddfae9...@nemiya.com>
Tue 2019-07-23 17:02:21.412: 10: * DKIM-Signature 1: v=1; a=rsa-sha256; 
q=dns/txt; c=relaxed/relaxed; d=nemiya.com; s=mail; ; 
Tue 2019-07-23 17:02:21.412: 10: *Verification result: DKIM_SIGNATURE_BAD
Tue 2019-07-23 17:02:21.412: 10: *  Result: neutral
Tue 2019-07-23 17:02:21.412: 10:  End DKIM results
Tue 2019-07-23 17:02:21.416: 19: Performing DMARC processing
Tue 2019-07-23 17:02:21.416: 19: *  File: 
d:\mdaemon\queues\temp\md5301173.tmp
Tue 2019-07-23 17:02:21.416: 19: *  Message-ID: 
<20190718194303.35971adddfae9...@nemiya.com>
Tue 2019-07-23 17:02:21.416: 19: *  Author domain: nemiya.com
Tue 2019-07-23 17:02:21.416: 19: *  Organizational domain: nemiya.com
Tue 2019-07-23 17:02:21.416: 19: *  Query domain: _dmarc.nemiya.com
Tue 2019-07-23 17:02:21.808: 19: *No DMARC policy record found
Tue 2019-07-23 17:02:21.808: 19: *  Action taken: none
Tue 2019-07-23 17:02:21.808: 19: *  Result: none
Tue 2019-07-23 17:02:21.808: 19:  End DMARC results
Tue 2019-07-23 17:02:21.813: 06: Passing message through AntiVirus (Size: 
30445)...
Tue 2019-07-23 17:02:21.813: 06: *  Recipient or sender in exclusion list
Tue 2019-07-23 17:02:21.813: 06:  End AntiVirus results
Tue 2019-07-23 17:02:21.880: 11: Passing message through Outbreak Protection...
Tue 2019-07-23 17:02:21.880: 11: *  Message-ID: 
<20190718194303.35971adddfae9...@nemiya.com>
Tue 2019-07-23 17:02:21.880: 11: *  Reference-ID: 

[mdaemon-l] spam email

2019-07-14 Thread Anjas Wahyu Nurhayanto
> Already included, because the senders use one IP segment.

All right, Sir. Thank you for your help and cooperation.


-- 
Warm Regards,

Anjas




[mdaemon-l] spam email

2019-07-14 Thread Syafril Hermansyah
On 15/07/19 08.42, Anjas Wahyu Nurhayanto (an...@inticipta.co.id) wrote:
> Thank you for your help, Sir. What about the other LOGs, Sir?


Already included, because the senders use one IP segment.

-- 
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 19.0.3-64 bit Beta B
Please do not cc: or send to private mail for MDaemon issues.

Challenges are what make life interesting and overcoming them is what
makes life meaningful.
--- Joshua J. Marine






[mdaemon-l] spam email

2019-07-14 Thread Anjas Wahyu Nurhayanto
> > Wed 2019-07-10 13:38:35.618: 02: <-- MAIL FROM:
> > Wed 2019-07-10 13:38:35.619: 05: Performing PTR lookup 
> > (164.178.217.144.IN-ADDR.ARPA)
> > Wed 2019-07-10 13:38:35.619: 05: *  D=164.178.217.144.IN-ADDR.ARPA 
> > TTL=(326) PTR=[ip164.ip-144-217-178.net]
> > Wed 2019-07-10 13:38:35.620: 05: *  D=ip164.ip-144-217-178.net TTL=(31) 
> > A=[144.217.178.164]
>
>
> This is spam that spoofs a domain (uses someone else's domain),
> because the domain owner has not protected it properly.
>
> It has been blocked with host screening and uploaded to
>
> ftp://ftp.dutaint.com/altn-mdaemon/miscl/HostScreen.dat

Thank you for your help, Sir. What about the other LOGs, Sir?


-- 
Warm Regards,

Anjas




[mdaemon-l] spam email

2019-07-11 Thread Syafril Hermansyah
On 11/07/19 17.05, Anjas Wahyu Nurhayanto (an...@inticipta.co.id) wrote:
> Please help check the spam email using the attached
> SMTP-(in).log


> Wed 2019-07-10 13:38:35.618: 02: <-- MAIL FROM:
> Wed 2019-07-10 13:38:35.619: 05: Performing PTR lookup 
> (164.178.217.144.IN-ADDR.ARPA)
> Wed 2019-07-10 13:38:35.619: 05: *  D=164.178.217.144.IN-ADDR.ARPA TTL=(326) 
> PTR=[ip164.ip-144-217-178.net]
> Wed 2019-07-10 13:38:35.620: 05: *  D=ip164.ip-144-217-178.net TTL=(31) 
> A=[144.217.178.164]


This is spam that spoofs a domain (uses someone else's domain),
because the domain owner has not protected it properly.

It has been blocked with host screening and uploaded to

ftp://ftp.dutaint.com/altn-mdaemon/miscl/HostScreen.dat

-- 
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 19.0.3-64 bit Beta A
Please do not cc: or send to private mail for MDaemon issues.

You have to learn the rules of the game. And then you have to play
better than anyone else.
--- Albert Einstein






[mdaemon-l] spam email

2019-07-11 Thread Anjas Wahyu Nurhayanto
Dear Mr. Syafril,

Please help check the spam email using the attached
SMTP-(in).log

-- 
Warm Regards,

Anjas

Wed 2019-07-10 13:38:35.082: 05: Session 881047; child 0001
Wed 2019-07-10 13:38:35.082: 05: Accepting SMTP connection from 
144.217.178.164:51236 to 10.0.0.1:25
Wed 2019-07-10 13:38:35.086: 03: --> 220 aksball.co.id ESMTP Wed, 10 Jul 2019 
13:38:35 +0700
Wed 2019-07-10 13:38:35.355: 02: <-- EHLO okalog.co.id
Wed 2019-07-10 13:38:35.355: 03: --> 250-aksball.co.id Hello okalog.co.id 
[144.217.178.164], pleased to meet you
Wed 2019-07-10 13:38:35.355: 03: --> 250-ETRN
Wed 2019-07-10 13:38:35.355: 03: --> 250-AUTH LOGIN PLAIN
Wed 2019-07-10 13:38:35.355: 03: --> 250-8BITMIME
Wed 2019-07-10 13:38:35.355: 03: --> 250-ENHANCEDSTATUSCODES
Wed 2019-07-10 13:38:35.355: 03: --> 250 SIZE
Wed 2019-07-10 13:38:35.618: 02: <-- MAIL FROM:
Wed 2019-07-10 13:38:35.619: 05: Performing PTR lookup 
(164.178.217.144.IN-ADDR.ARPA)
Wed 2019-07-10 13:38:35.619: 05: *  D=164.178.217.144.IN-ADDR.ARPA TTL=(326) 
PTR=[ip164.ip-144-217-178.net]
Wed 2019-07-10 13:38:35.620: 05: *  D=ip164.ip-144-217-178.net TTL=(31) 
A=[144.217.178.164]
Wed 2019-07-10 13:38:35.620: 05:  End PTR results
Wed 2019-07-10 13:38:35.622: 05: Performing IP lookup (okalog.co.id)
Wed 2019-07-10 13:38:35.638: 05: *  D=okalog.co.id TTL=(0) A=[103.58.102.36]
Wed 2019-07-10 13:38:35.638: 05:  End IP lookup results
Wed 2019-07-10 13:38:35.640: 05: Performing IP lookup (okalog.co.id)
Wed 2019-07-10 13:38:35.640: 05: *  D=okalog.co.id TTL=(0) A=[103.58.102.36]
Wed 2019-07-10 13:38:35.667: 05: *  P=010 S=000 D=okalog.co.id TTL=(0) 
MX=[mail.okalog.co.id] {103.58.102.36}
Wed 2019-07-10 13:38:35.667: 05:  End IP lookup results
Wed 2019-07-10 13:38:35.692: 09: Performing SPF lookup (okalog.co.id / 
144.217.178.164)
Wed 2019-07-10 13:38:35.701: 09: *  Policy: v=spf1 a mx include:smtp.biz.net.id 
~all
Wed 2019-07-10 13:38:35.701: 09: *  Evaluating a: no match
Wed 2019-07-10 13:38:35.702: 09: *  Evaluating mx: no match
Wed 2019-07-10 13:38:35.702: 09: *  Evaluating include:smtp.biz.net.id: 
performing lookup
Wed 2019-07-10 13:38:35.711: 09: *Policy: v=spf1 ip4:117.102.98.0/24 
ip4:103.93.160.128/25 ip4:137.59.125.32/27 ip4:103.93.161.240/29 
ip4:182.253.220.25/32 ip4:182.253.220.5/32 ip4:137.59.125.221/32 
ip4:137.59.125.222/32 ip4:137.59.125.223/32 -all
Wed 2019-07-10 13:38:35.711: 09: *Evaluating ip4:117.102.98.0/24: no match
Wed 2019-07-10 13:38:35.711: 09: *Evaluating ip4:103.93.160.128/25: no match
Wed 2019-07-10 13:38:35.711: 09: *Evaluating ip4:137.59.125.32/27: no match
Wed 2019-07-10 13:38:35.711: 09: *Evaluating ip4:103.93.161.240/29: no match
Wed 2019-07-10 13:38:35.711: 09: *Evaluating ip4:182.253.220.25/32: no match
Wed 2019-07-10 13:38:35.711: 09: *Evaluating ip4:182.253.220.5/32: no match
Wed 2019-07-10 13:38:35.711: 09: *Evaluating ip4:137.59.125.221/32: no match
Wed 2019-07-10 13:38:35.711: 09: *Evaluating ip4:137.59.125.222/32: no match
Wed 2019-07-10 13:38:35.711: 09: *Evaluating ip4:137.59.125.223/32: no match
Wed 2019-07-10 13:38:35.711: 09: *Evaluating -all: match
Wed 2019-07-10 13:38:35.711: 09: *  Evaluating include:smtp.biz.net.id: no match
Wed 2019-07-10 13:38:35.711: 09: *  Evaluating ~all: match
Wed 2019-07-10 13:38:35.711: 09: *  Result: softfail
Wed 2019-07-10 13:38:35.711: 09:  End SPF results
Wed 2019-07-10 13:38:35.711: 03: --> 250 2.1.0 Sender OK
Wed 2019-07-10 13:38:36.009: 02: <-- RCPT TO:
Wed 2019-07-10 13:38:36.012: 03: --> 250 2.1.5 Recipient OK
Wed 2019-07-10 13:38:36.273: 02: <-- DATA
Wed 2019-07-10 13:38:36.275: 01: Creating temp file (SMTP): 
d:\mdaemon\queues\temp\md5196629.tmp
Wed 2019-07-10 13:38:36.275: 03: --> 354 Enter mail, end with .
Wed 2019-07-10 13:38:51.910: 01: Message size: 473405 bytes
Wed 2019-07-10 13:38:51.911: 10: Performing DKIM lookup
Wed 2019-07-10 13:38:51.911: 10: *  File: 
d:\mdaemon\queues\temp\md5196629.tmp
Wed 2019-07-10 13:38:51.911: 10: *  Message-ID: 
<20190709233840.582841d4c2301...@okalog.co.id>
Wed 2019-07-10 13:38:51.911: 10: *  Result: neutral
Wed 2019-07-10 13:38:51.911: 10:  End DKIM results
Wed 2019-07-10 13:38:51.915: 06: Passing message through AntiVirus (Size: 
473405)...
Wed 2019-07-10 13:38:51.915: 06: *  Recipient or sender in exclusion list
Wed 2019-07-10 13:38:51.915: 06:  End AntiVirus results
Wed 2019-07-10 13:38:52.242: 11: Passing message through Outbreak Protection...
Wed 2019-07-10 13:38:52.242: 11: *  Message-ID: 

[mdaemon-l] Spam Email

2019-06-12 Thread Anjas Wahyu Nurhayanto
> Just block the sender address in the blacklist contact of webmail user
> b...@aksball.co.id

All right, Sir. Thank you for your help and cooperation.


-- 
Warm Regards,

Anjas




[mdaemon-l] Spam Email

2019-06-12 Thread Syafril Hermansyah
On 12/06/19 09.19, Anjas Wahyu Nurhayanto (an...@inticipta.co.id) wrote:
> Below is the log of a spam email that reached our user's inbox. Please
> help check it:
> 
> Tue 2019-06-11 15:50:53.734: 02: <-- EHLO comcenter.at
> Tue 2019-06-11 15:50:53.921: 02: <-- MAIL FROM: SIZE=3479


Just block the sender address in the blacklist contact of webmail user
b...@aksball.co.id


-- 
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 19.0.2-64 bit Beta D
Please do not cc: or send to private mail for MDaemon issues.

Change is the end result of all true learning.
--- Leo Buscaglia






[mdaemon-l] Spam Email

2019-06-11 Thread Anjas Wahyu Nurhayanto
Dear Mr. Syafril,

Below is the log of a spam email that reached our user's inbox. Please
help check it:

Tue 2019-06-11 15:50:53.548: 05: Session 745433; child 0001
Tue 2019-06-11 15:50:53.548: 05: Accepting SMTP connection from
62.13.193.51:39464 to 10.0.0.1:25
Tue 2019-06-11 15:50:53.552: 03: --> 220 aksball.co.id ESMTP Tue, 11
Jun 2019 15:50:53 +0700
Tue 2019-06-11 15:50:53.734: 02: <-- EHLO comcenter.at
Tue 2019-06-11 15:50:53.735: 03: --> 250-aksball.co.id Hello
comcenter.at [62.13.193.51], pleased to meet you
Tue 2019-06-11 15:50:53.735: 03: --> 250-ETRN
Tue 2019-06-11 15:50:53.735: 03: --> 250-AUTH LOGIN PLAIN
Tue 2019-06-11 15:50:53.735: 03: --> 250-8BITMIME
Tue 2019-06-11 15:50:53.735: 03: --> 250-ENHANCEDSTATUSCODES
Tue 2019-06-11 15:50:53.735: 03: --> 250 SIZE
Tue 2019-06-11 15:50:53.921: 02: <-- MAIL FROM: SIZE=3479
Tue 2019-06-11 15:50:53.923: 05: Performing PTR lookup
(51.193.13.62.IN-ADDR.ARPA)
Tue 2019-06-11 15:50:53.945: 05: *  D=51.193.13.62.IN-ADDR.ARPA
TTL=(59) PTR=[mail.rtccdn.com]
Tue 2019-06-11 15:50:53.967: 05: *  D=mail.rtccdn.com TTL=(9) A=[62.13.193.51]
Tue 2019-06-11 15:50:53.967: 05:  End PTR results
Tue 2019-06-11 15:50:53.969: 05: Performing IP lookup (comcenter.at)
Tue 2019-06-11 15:51:05.755: 04: *  DNS server reports that it is
having technical problems
Tue 2019-06-11 15:51:05.755: 05:  End IP lookup results
Tue 2019-06-11 15:51:05.757: 05: Performing IP lookup (sn-consult.at)
Tue 2019-06-11 15:51:10.040: 05: *  P=010 S=000 D=sn-consult.at
TTL=(0) MX=[atvie-spamgate-01.cpson.net] {62.13.193.50}
Tue 2019-06-11 15:51:10.041: 05:  End IP lookup results
Tue 2019-06-11 15:51:10.111: 09: Performing SPF lookup (comcenter.at /
62.13.193.51)
Tue 2019-06-11 15:51:11.291: 09: *  Result: none; no SPF record in DNS
Tue 2019-06-11 15:51:11.291: 09:  End SPF results
Tue 2019-06-11 15:51:11.291: 09: Performing SPF lookup (sn-consult.at
/ 62.13.193.51)
Tue 2019-06-11 15:51:11.311: 09: *  Result: none; no SPF record in DNS
Tue 2019-06-11 15:51:11.311: 09:  End SPF results
Tue 2019-06-11 15:51:11.311: 03: --> 250 2.1.0 Sender OK
Tue 2019-06-11 15:51:11.494: 02: <-- RCPT TO:
Tue 2019-06-11 15:51:11.498: 03: --> 250 2.1.5 Recipient OK
Tue 2019-06-11 15:51:11.682: 02: <-- DATA
Tue 2019-06-11 15:51:11.684: 01: Creating temp file (SMTP):
d:\mdaemon\queues\temp\md5018270.tmp
Tue 2019-06-11 15:51:11.684: 03: --> 354 Enter mail, end with .
Tue 2019-06-11 15:51:11.925: 01: Message size: 3405 bytes
Tue 2019-06-11 15:51:11.926: 10: Performing DKIM lookup
Tue 2019-06-11 15:51:11.926: 10: *  File:
d:\mdaemon\queues\temp\md5018270.tmp
Tue 2019-06-11 15:51:11.926: 10: *  Message-ID:

Tue 2019-06-11 15:51:11.926: 10: *  Result: neutral
Tue 2019-06-11 15:51:11.926: 10:  End DKIM results
Tue 2019-06-11 15:51:11.930: 19: Performing DMARC processing
Tue 2019-06-11 15:51:11.930: 19: *  File:
d:\mdaemon\queues\temp\md5018270.tmp
Tue 2019-06-11 15:51:11.930: 19: *  Message-ID:

Tue 2019-06-11 15:51:11.930: 19: *  Author domain: sn-consult.at
Tue 2019-06-11 15:51:11.930: 19: *  Organizational domain: sn-consult.at
Tue 2019-06-11 15:51:11.930: 19: *  Query domain: _dmarc.sn-consult.at
Tue 2019-06-11 15:51:19.443: 19: *No DMARC policy record found
Tue 2019-06-11 15:51:19.443: 19: *  Action taken: none
Tue 2019-06-11 15:51:19.443: 19: *  Result: none
Tue 2019-06-11 15:51:19.443: 19:  End DMARC results
Tue 2019-06-11 15:51:19.447: 06: Passing message through AntiVirus
(Size: 3405)...
Tue 2019-06-11 15:51:19.448: 06: *  Recipient or sender in exclusion list
Tue 2019-06-11 15:51:19.448: 06:  End AntiVirus results
Tue 2019-06-11 15:51:19.602: 11: Passing message through Outbreak Protection...
Tue 2019-06-11 15:51:19.602: 11: *  Message-ID:

Tue 2019-06-11 15:51:19.602: 11: *  Reference-ID:
str=0001.0A150203.5CFF6B91.0040,ss=1,re=0.000,recu=0.000,reip=0.000,cl=1,cld=1,fgs=0
Tue 2019-06-11 15:51:19.602: 11: *  Virus result: 0 - Clean
Tue 2019-06-11 15:51:19.602: 11: *  Spam result: 1 - Clean
Tue 2019-06-11 15:51:19.602: 11: *  IWF result: 0 - Clean
Tue 2019-06-11 15:51:19.602: 11:  End Outbreak Protection results
Tue 2019-06-11 15:51:19.603: 07: Passing message through Spam Filter
(Size: 3405)...
Tue 2019-06-11 15:51:31.895: 07: *  0.0 HTML_FONT_LOW_CONTRAST BODY:
HTML font color similar or
Tue 2019-06-11 15:51:31.895: 07: *  identical to background
Tue 2019-06-11 15:51:31.895: 07: *  0.0 HTML_MESSAGE BODY: HTML
included in message
Tue 2019-06-11 15:51:31.895: 07: *  0.0 MIME_QP_LONG_LINE RAW:
Quoted-printable line longer than 76
Tue 2019-06-11 15:51:31.895: 07: *  chars
Tue 2019-06-11 15:51:31.895: 07: *  1.1 STYLE_GIBBERISH Nonsense in
HTML 

[mdaemon-l] spam email bitcoin

2019-05-26 Thread Anjas Wahyu Nurhayanto
> Hmmm... I am adding that sender host to host screening.

All right, Sir. Thank you for your help and cooperation.


-- 
Warm Regards,

Anjas




[mdaemon-l] spam email bitcoin

2019-05-24 Thread Syafril Hermansyah
On 24/05/19 09.58, Anjas Wahyu Nurhayanto (an...@inticipta.co.id) wrote:
>> This should have been rejected by host screening.
>>
>>
>> http://mdaemon.dutaint.co.id/mdaemon/19.0/index.html?security--reverse_lookup.htm
>>
>> [x] Perform lookup on HELO/EHLO domain
>> etc.
> In the previous settings this option was already enabled (attached)


Hmmm... I am adding that sender host to host screening.


-- 
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, MDaemon 19.0.1-64
Please do not cc: or send to private mail for MDaemon issues.

The only thing that stands between you and your dream is the will to try
and the belief that it is actually possible.
---  Joel Brown






[mdaemon-l] spam email bitcoin

2019-05-23 Thread Anjas Wahyu Nurhayanto
> This should have been rejected by host screening.
>
>
> http://mdaemon.dutaint.co.id/mdaemon/19.0/index.html?security--reverse_lookup.htm
>
> [x] Perform lookup on HELO/EHLO domain
> etc.

In the previous settings this option was already enabled (attached)


> Raise the spam score value in Outbreak Protection.
>
>
> http://mdaemon.dutaint.co.id/mdaemon/19.0/index.html?sp_outbreak_protection.htm
>
> Spam should be...
>
> [x] accepted for filtering Score: 4.9
>
> > Wed 2019-05-22 22:23:28.587: 07: Spam Filter score/req: 11.60/12.0
>
>
> So that the total spam score is above 12.0 --> rejected.

I have raised this option's value from 3.0 to 4.9, as you advised.

-- 
Warm Regards,

Anjas



[mdaemon-l] spam email bitcoin

2019-05-23 Terurut Topik Syafril Hermansyah
On 24/05/19 07.11, Anjas Wahyu Nurhayanto (an...@inticipta.co.id) wrote:
> klien kami menerima email spam dengan bitcoin request. setelah saya
> cek log nya adalah sebagai berikut :
> 
> Wed 2019-05-22 22:23:23.051: 02: <-- EHLO ppp-94-66-57-110.home.otenet.gr
> Wed 2019-05-22 22:23:23.052: 03: --> 250-aksball.co.id Hello
> ppp-94-66-57-110.home.otenet.gr [94.66.57.110], pleased to meet you


Mestinya ini akan ditolak oleh hostscreening.


http://mdaemon.dutaint.co.id/mdaemon/19.0/index.html?security--reverse_lookup.htm

[x] Perform lookup on HELO/EHLO domain
dst


> Wed 2019-05-22 22:23:28.022: 11: *  Spam result: 4 - Spam (confirmed)
> Wed 2019-05-22 22:23:28.587: 07: *  3.0 MDAEMON_OP_SPAM_HIGH MDaemon: 
> spam/phish

Naikkan nilai spam score di Outbreak Protection.


http://mdaemon.dutaint.co.id/mdaemon/19.0/index.html?sp_outbreak_protection.htm

Spam should be...

[x] accepted for filtering Score: 4.9

> Wed 2019-05-22 22:23:28.587: 07: Spam Filter score/req: 11.60/12.0


So that the total spam score goes above 12.0 --> rejected.

-- 
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 19.0.1-64 bit
Please do not cc: or send to private mail for MDaemon issues.

The life so short, the craft so long to learn.
--- Hippocrates

















[mdaemon-l] spam email bitcoin

2019-05-23 Thread Anjas Wahyu Nurhayanto
Dear Mr. Syafril,

Our client received a spam email with a bitcoin request. After I
checked, the log is as follows:

Wed 2019-05-22 22:23:22.786: 05: Session 698276; child 0001
Wed 2019-05-22 22:23:22.786: 05: Accepting SMTP connection from
94.66.57.110:37660 to 10.0.0.1:25
Wed 2019-05-22 22:23:22.789: 03: --> 220 aksball.co.id ESMTP Wed, 22
May 2019 22:23:22 +0700
Wed 2019-05-22 22:23:23.051: 02: <-- EHLO ppp-94-66-57-110.home.otenet.gr
Wed 2019-05-22 22:23:23.052: 03: --> 250-aksball.co.id Hello
ppp-94-66-57-110.home.otenet.gr [94.66.57.110], pleased to meet you
Wed 2019-05-22 22:23:23.052: 03: --> 250-ETRN
Wed 2019-05-22 22:23:23.052: 03: --> 250-AUTH LOGIN PLAIN
Wed 2019-05-22 22:23:23.052: 03: --> 250-8BITMIME
Wed 2019-05-22 22:23:23.052: 03: --> 250-ENHANCEDSTATUSCODES
Wed 2019-05-22 22:23:23.052: 03: --> 250 SIZE
Wed 2019-05-22 22:23:23.443: 02: <-- MAIL From:
Wed 2019-05-22 22:23:23.445: 05: Performing PTR lookup
(110.57.66.94.IN-ADDR.ARPA)
Wed 2019-05-22 22:23:23.985: 05: *  D=110.57.66.94.IN-ADDR.ARPA
TTL=(0) PTR=[ppp-94-66-57-110.home.otenet.gr]
Wed 2019-05-22 22:23:24.231: 05: *  D=ppp-94-66-57-110.home.otenet.gr
TTL=(0) A=[94.66.57.110]
Wed 2019-05-22 22:23:24.231: 05:  End PTR results
Wed 2019-05-22 22:23:24.233: 05: Performing IP lookup
(ppp-94-66-57-110.home.otenet.gr)
Wed 2019-05-22 22:23:24.233: 05: *  D=ppp-94-66-57-110.home.otenet.gr
TTL=(0) A=[94.66.57.110]
Wed 2019-05-22 22:23:24.233: 05:  End IP lookup results
Wed 2019-05-22 22:23:24.236: 05: Performing IP lookup (nisarinc.com)
Wed 2019-05-22 22:23:24.484: 05: *  D=nisarinc.com TTL=(0) A=[74.208.3.155]
Wed 2019-05-22 22:23:25.182: 05: *  P=010 S=000 D=nisarinc.com TTL=(0)
MX=[inbound30.exchangedefender.com] {206.125.40.130}
Wed 2019-05-22 22:23:25.182: 05:  End IP lookup results
Wed 2019-05-22 22:23:25.183: 09: Performing SPF lookup
(ppp-94-66-57-110.home.otenet.gr / 94.66.57.110)
Wed 2019-05-22 22:23:25.747: 09: *  Result: none; no SPF record in DNS
Wed 2019-05-22 22:23:25.747: 09:  End SPF results
Wed 2019-05-22 22:23:25.747: 09: Performing SPF lookup (nisarinc.com /
94.66.57.110)
Wed 2019-05-22 22:23:25.979: 09: *  Result: none; no SPF record in DNS
Wed 2019-05-22 22:23:25.979: 09:  End SPF results
Wed 2019-05-22 22:23:25.979: 03: --> 250 2.1.0 Sender OK
Wed 2019-05-22 22:23:26.314: 02: <-- RCPT To:
Wed 2019-05-22 22:23:26.340: 03: --> 250 2.1.5 Recipient OK
Wed 2019-05-22 22:23:26.847: 02: <-- DATA
Wed 2019-05-22 22:23:26.848: 01: Creating temp file (SMTP):
d:\mdaemon\queues\temp\md5105374.tmp
Wed 2019-05-22 22:23:26.848: 03: --> 354 Enter mail, end with .
Wed 2019-05-22 22:23:27.609: 01: Message size: 2085 bytes
Wed 2019-05-22 22:23:27.610: 10: Performing DKIM lookup
Wed 2019-05-22 22:23:27.610: 10: *  File:
d:\mdaemon\queues\temp\md5105374.tmp
Wed 2019-05-22 22:23:27.610: 10: *  Message-ID:
<689902165459230453463...@nisarinc.com>
Wed 2019-05-22 22:23:27.610: 10: *  Result: neutral
Wed 2019-05-22 22:23:27.610: 10:  End DKIM results
Wed 2019-05-22 22:23:27.614: 19: Performing DMARC processing
Wed 2019-05-22 22:23:27.614: 19: *  File:
d:\mdaemon\queues\temp\md5105374.tmp
Wed 2019-05-22 22:23:27.614: 19: *  Message-ID:
<689902165459230453463...@nisarinc.com>
Wed 2019-05-22 22:23:27.614: 19: *  Author domain: nisarinc.com
Wed 2019-05-22 22:23:27.614: 19: *  Organizational domain: nisarinc.com
Wed 2019-05-22 22:23:27.614: 19: *  Query domain: _dmarc.nisarinc.com
Wed 2019-05-22 22:23:27.842: 19: *No DMARC policy record found
Wed 2019-05-22 22:23:27.842: 19: *  Action taken: none
Wed 2019-05-22 22:23:27.842: 19: *  Result: none
Wed 2019-05-22 22:23:27.842: 19:  End DMARC results
Wed 2019-05-22 22:23:27.875: 06: Passing message through AntiVirus
(Size: 2085)...
Wed 2019-05-22 22:23:27.876: 06: *  Recipient or sender in exclusion list
Wed 2019-05-22 22:23:27.876: 06:  End AntiVirus results
Wed 2019-05-22 22:23:28.022: 11: Passing message through Outbreak Protection...
Wed 2019-05-22 22:23:28.022: 11: *  Message-ID:
<689902165459230453463...@nisarinc.com>
Wed 2019-05-22 22:23:28.022: 11: *  Reference-ID:
str=0001.0A150206.5CE56970.0002,ss=4,re=0.000,recu=0.000,reip=0.000,pt=C_5819,cl=4,cld=1,fgs=12
Wed 2019-05-22 22:23:28.022: 11: *  Virus result: 0 - Clean
Wed 2019-05-22 22:23:28.022: 11: *  Spam result: 4 - Spam (confirmed)
Wed 2019-05-22 22:23:28.022: 11: *  IWF result: 0 - Clean
Wed 2019-05-22 22:23:28.022: 11:  End Outbreak Protection results
Wed 2019-05-22 22:23:28.025: 07: Passing message through Spam Filter
(Size: 2085)...
Wed 2019-05-22 22:23:28.587: 07: *  3.0 MDAEMON_OP_SPAM_HIGH MDaemon: spam/phish
Wed 2019-05-22 22:23:28.587: 07: *  0.4 RDNS_DYNAMIC Delivered to
internal network by host with
Wed 2019-05-22 22:23:28.587: 07: *  dynamic-looking rDNS
Wed 2019-05-22 22:23:28.587: 07: *  3.2 HELO_DYNAMIC_IPADDR Relay
HELO'd using suspicious hostname (IP
Wed 2019-05-22 22:23:28.587: 07: *  addr 1)
Wed 2019-05-22 22:23:28.587: 07: *  2.5 BITCOIN_DEADLINE BitCoin 

[mdaemon-l] Threatening spam email

2019-04-24 Thread Anjas Wahyu Nurhayanto
> Better as follows:
>
> aksball.co.id TXT "v=spf1 mx ip4:46.196.99.24/29 include:maxindo.net.id
> -all"

Thank you for your help and cooperation.

-- 
Warm Regards,

Anjas




[mdaemon-l] Threatening spam email

2019-04-24 Thread Syafril Hermansyah
On 24/04/19 16.39, Anjas Wahyu Nurhayanto (an...@inticipta.co.id) wrote:
> Is it by changing the SPF record in DNS management as attached, sir?


Better as follows:

aksball.co.id TXT "v=spf1 mx ip4:46.196.99.24/29 include:maxindo.net.id
-all"


-- 
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 19.0-64 bit
Please do not cc: or send to private mail for MDaemon issues.

Learning is not child's play; we cannot learn without pain
--- Aristotle
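
How a receiving server walks the SPF record recommended above, and why the qualifier on `all` decides what happens to senders the record does not list. This is an added example, not MDaemon's implementation or code from the thread; DNS is replaced by constructed tables, and the `maxindo.net.id` policy, the MX address and `weak.example` are made-up placeholders.

```python
import ipaddress

# Stand-in for DNS so the example runs offline. The aksball.co.id record is the
# one recommended in the thread; every other value is constructed sample data.
TXT = {
    "aksball.co.id": "v=spf1 mx ip4:46.196.99.24/29 include:maxindo.net.id -all",
    # Same record with a neutral default, to contrast with "-all" (constructed).
    "weak.example": "v=spf1 mx ip4:46.196.99.24/29 include:maxindo.net.id ?all",
    # Placeholder for the provider's record, not its real published policy.
    "maxindo.net.id": "v=spf1 ip4:198.51.100.0/24 -all",
}
MX_ADDRS = {"aksball.co.id": ["203.0.113.25"]}  # constructed MX host address

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_host(ip, domain, trace=None, depth=0):
    """Evaluate the SPF record of `domain` for the connecting address `ip`.

    Handles the mechanisms used in the thread's record (mx, ip4, include, all)
    plus ip6. If `trace` is a list, one line per evaluated term is appended.
    """
    terms = TXT.get(domain, "").split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"                      # no SPF record published
    if depth > 10:
        return "permerror"                 # guard against include loops
    addr = ipaddress.ip_address(ip)
    for term in terms[1:]:
        # A missing qualifier means "+" (pass).
        qualifier, mech = (term[0], term[1:]) if term[0] in QUALIFIERS else ("+", term)
        name, _, arg = mech.partition(":")
        name = name.lower()
        if name == "all":
            matched = True                 # always matches, so it must come last
        elif name in ("ip4", "ip6"):
            matched = addr in ipaddress.ip_network(arg, strict=False)
        elif name == "mx":
            matched = ip in MX_ADDRS.get(arg or domain, [])
        elif name == "include":
            # include matches only when the included policy returns "pass";
            # a "fail" inside the include does not end the outer evaluation.
            matched = check_host(ip, arg, trace, depth + 1) == "pass"
        else:
            raise ValueError(f"term not handled in this example: {term}")
        if trace is not None:
            trace.append(f"{domain}: {term}: {'match' if matched else 'no match'}")
        if matched:
            return QUALIFIERS[qualifier]   # first matching term decides
    return "neutral"                       # nothing matched and no "all" term


if __name__ == "__main__":
    for ip in ("46.196.99.25", "203.0.113.25", "198.51.100.7", "192.0.2.1"):
        steps = []
        result = check_host(ip, "aksball.co.id", steps)
        print(ip, "->", result)
        for line in steps:
            print("   ", line)
    # Same unlisted sender against the "?all" variant: neutral, not rejected.
    print("192.0.2.1 vs ?all ->", check_host("192.0.2.1", "weak.example"))
```

With `-all` the unlisted address ends in `fail`, which a receiver can reject outright; with `?all` the same address ends in `neutral`, which gives the receiver nothing to act on.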






[mdaemon-l] Threatening spam email

2019-04-24 Thread Anjas Wahyu Nurhayanto
> Enable a DNS SPF record with policy=reject (qualifiers = failed),
> as I recommended previously.
>
>
> https://www.mail-archive.com/mdaemon-l@dutaint.com/msg44613.html
>
> https://en.wikipedia.org/wiki/Sender_Policy_Framework#Qualifiers

Is it by changing the SPF record in DNS management as attached, sir?


-- 
Warm Regards,

Anjas



[mdaemon-l] Threatening spam email

2019-04-24 Thread Syafril Hermansyah
On 24/04/19 15.26, Anjas Wahyu Nurhayanto (an...@inticipta.co.id) wrote:
> Attached is a screenshot of a spam email that is quite disturbing to
> our users, along with its mail headers. Please help examine it, and
> advise us so that similar emails do not reach us again.


> Return-path: 
> From: 
> X-Rcpt-To: sula...@aksball.co.id
> List-Subscribe: 


Mail sent through a list server does allow From to differ
from the return-path.

Enable a DNS SPF record with policy=reject (qualifiers = failed),
as I recommended previously.


https://www.mail-archive.com/mdaemon-l@dutaint.com/msg44613.html

https://en.wikipedia.org/wiki/Sender_Policy_Framework#Qualifiers


-- 
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 19.0-64 bit
Please do not cc: or send to private mail for MDaemon issues.

Anyone who stops learning is old, whether twenty or eighty. Anyone who
keeps learning stays young. The greatest thing you can do is keep your
mind young.
--- Mark Twain (1835 - 1910)






[mdaemon-l] Spam with double From is the latest spam trend

2018-12-03 Thread Syafril Hermansyah
On 03/12/18 16.42, Rievo Niemrod E (edp.r...@ptbmi.com) wrote:
> We are still receiving email with double From, with the log as follows:


> X-MDBadQueue-Reason: WARNING! infected with virus (Arrakis.LLME-4) 

This mail went into the bad queue.

> X-Spam-Processed: bb.ptbmi.com, Fri, 23 Nov 2018 14:08:28 +0700
>(not processed: message size (116275) exceeds spam filter configured max 
> size of (102400)) 


The mail bypassed the spam filter not because its sender is whitelisted,
but because its message size is large.


> Is there any other setting that is still missing, sir?

Not really.
You may increase the message size in the spam filter, but it is not very
important/necessary.


> Since those emails all come from outside, do we need to block the sender 
> apoyoven...@vifrio.com ?


Yes, just block the domain if that domain is indeed not a
correspondence partner of the ptbmi.com domain.





-- 
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 18.5.1-64 bit
Please do not cc: or send to private mail for MDaemon issues.

Every matter, every difficulty and every waste can actually be overcome,
if we want to. So the question is not whether we can or cannot, but
whether we want to or not.
--- Dahlan Iskan






[mdaemon-l] Spam with double From is the latest spam trend

2018-12-03 Thread Rievo Niemrod E

Good afternoon, Mr. Syafril

Please help, sir.


On 27/11/18 11.20, Rievo Niemrod E (edp.r...@ptbmi.com) wrote:
We have updated to MD 18.5.1, and we have ticked the RFC setting.

So what is the next step, sir?



No need to do anything; spam of that kind will now be rejected automatically.


We are still receiving email with double From, with the log as follows:

X-SPScan-Result: infected
X-SPScan-VirusName: Arrakis.LLME-4
X-MDBadQueue-Reason: WARNING! infected with virus (Arrakis.LLME-4)
X-MDAV-Processed: bb.ptbmi.com, Fri, 23 Nov 2018 14:08:28 +0700
Return-path: 
Authentication-Results: bb.ptbmi.com;
   spf=pass smtp.mailfrom=apoyoven...@vifrio.com;
   dmarc=none header.from=petra.ac.id (no DMARC record);
   iprev=pass policy.iprev=52.86.140.75 (PTR mail.vifrio.com);
   iprev=pass policy.iprev=52.86.140.75 (HELO mail.vifrio.com);
   iprev=pass policy.iprev=52.86.140.75 (MAIL apoyoven...@vifrio.com)
Received-SPF: pass (bb.ptbmi.com: domain vifrio.com
   designates 52.86.140.75 as permitted sender)
   receiver=bb.ptbmi.com; client-ip=52.86.140.75;
   mechanism=a; envelope-from="apoyoven...@vifrio.com";
   helo=mail.vifrio.com;
Received: from mail.vifrio.com (mail.vifrio.com [52.86.140.75]) by 
bb.ptbmi.com (MDaemon PRO v18.0.2)

   with ESMTPS id 47-md5064186.msg; Fri, 23 Nov 2018 14:08:28 +0700
X-Spam-Processed: bb.ptbmi.com, Fri, 23 Nov 2018 14:08:28 +0700
   (not processed: message size (116275) exceeds spam filter configured max 
size of (102400))

X-MDSPF-Result: unapproved (bb.ptbmi.com)
X-MDRemoteIP: 52.86.140.75
X-MDHelo: mail.vifrio.com
X-MDArrival-Date: Fri, 23 Nov 2018 14:08:28 +0700
X-Rcpt-To: andr...@ptbmi.com
X-MDRcpt-To: andr...@ptbmi.com
X-Return-Path: apoyoven...@vifrio.com
X-Envelope-From: apoyoven...@vifrio.com
X-MDaemon-Deliver-To: andr...@ptbmi.com
X-CAV-Result: clean
Received: from localhost (localhost.localdomain [127.0.0.1])
   by mail.vifrio.com (Postfix) with ESMTP id B73E95080CB14
   for ; Fri, 23 Nov 2018 07:06:56 + (UTC)
Received: from mail.vifrio.com ([127.0.0.1])
   by localhost (mail.vifrio.com [127.0.0.1]) (amavisd-new, port 10032)
   with ESMTP id qxMYkSdYbnT5 for ;
   Fri, 23 Nov 2018 07:06:56 + (UTC)
Received: from localhost (localhost.localdomain [127.0.0.1])
   by mail.vifrio.com (Postfix) with ESMTP id 17B1C5080896D
   for ; Fri, 23 Nov 2018 07:06:56 + (UTC)
X-Virus-Scanned: amavisd-new at vifrio.com
Received: from mail.vifrio.com ([127.0.0.1])
   by localhost (mail.vifrio.com [127.0.0.1]) (amavisd-new, port 10026)
   with ESMTP id CDtLjU1yNKvX for ;
   Fri, 23 Nov 2018 07:06:55 + (UTC)
Received: from 10.7.23.27 (unknown [38.124.193.145])
   by mail.vifrio.com (Postfix) with ESMTPSA id 8983A50806AAA
   for ; Fri, 23 Nov 2018 07:06:55 + (UTC)
Date: Fri, 23 Nov 2018 01:07:02 -0600
From: Togar W.S. Panjaitan  
To: andr...@ptbmi.com
Message-ID: <1882204897882419794.a482ddbf3a214...@ptbmi.com>
Subject: Invoice for Services
MIME-Version: 1.0
Content-Type: multipart/mixed; 
boundary="=_Part_24017_3542485157.1418681922934220556"

X-MDArchive-Copy: 1

Is there any other setting that is still missing, sir?

Since those emails all come from outside, do we need to block the sender 
apoyoven...@vifrio.com ?


Please enlighten us, Mr. Syafril

Thank you for your help
Rievo






[mdaemon-l] Spam got through

2018-12-02 Thread Syafril Hermansyah
On 03/12/18 09.18, Bambang Setiawan via mdaemon-l
(mdaemon-l@dutaint.com) wrote:
> Is there a special trick to prevent the 2 attached spam emails, sir?
> Because they got through MDaemon.
> 
> 

> 
> Log 1 :
> 
> Sat 2018-12-01 20:16:00.022: 03: --> 250 mail.persada.id Hello
> 4edental.com [173.198.27.3], pleased to meet you
> Sat 2018-12-01 20:16:00.240: 02: <-- MAIL FROM:


Provide the complete log for one full session.

starting from

Sat 2018-12-01 20:16:00.022: Session ; child yyy

through

Sat 2018-12-01 20:16:03.563: 01: SMTP session successful (Bytes in/out:
31440/361)


-- 
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 18.5.1-64 bit
Please do not cc: or send to private mail for MDaemon issues.

There are three kinds of men. The ones that learn by readin’. The few
who learn by observation.
The rest of them have to pee on the electric fence for themselves.
--- Will Rogers






[mdaemon-l] Spam got through

2018-12-02 Thread Bambang Setiawan via mdaemon-l

Dear Mr. Syafril,


Is there a special trick to prevent the 2 attached spam emails, sir?
Because they got through MDaemon.



Thank you.

Log 1 :

Sat 2018-12-01 20:16:00.022: 03: --> 250 mail.persada.id Hello 
4edental.com [173.198.27.3], pleased to meet you

Sat 2018-12-01 20:16:00.240: 02: <-- MAIL FROM:
Sat 2018-12-01 20:16:00.243: 05: Performing PTR lookup 
(3.27.198.173.IN-ADDR.ARPA)
Sat 2018-12-01 20:16:00.514: 05: *  D=3.27.198.173.IN-ADDR.ARPA TTL=(60) 
PTR=[rrcs-173-198-27-3.west.biz.rr.com]
Sat 2018-12-01 20:16:00.772: 05: * D=rrcs-173-198-27-3.west.biz.rr.com 
TTL=(60) A=[173.198.27.3]

Sat 2018-12-01 20:16:00.772: 05:  End PTR results
Sat 2018-12-01 20:16:00.775: 05: Performing IP lookup (4edental.com)
Sat 2018-12-01 20:16:00.777: 05: *  D=4edental.com TTL=(29) 
A=[192.169.188.49]

Sat 2018-12-01 20:16:00.777: 05:  End IP lookup results
Sat 2018-12-01 20:16:00.781: 05: Performing IP lookup (4edental.com)
Sat 2018-12-01 20:16:00.783: 05: *  D=4edental.com TTL=(29) 
A=[192.169.188.49]
Sat 2018-12-01 20:16:00.785: 05: *  P=000 S=000 D=4edental.com TTL=(59) 
MX=[mail.4edental.com] {173.198.27.3}

Sat 2018-12-01 20:16:00.785: 05:  End IP lookup results
Sat 2018-12-01 20:16:00.786: 09: Performing SPF lookup (4edental.com / 
173.198.27.3)
Sat 2018-12-01 20:16:00.786: 09: *  Policy (cache): v=spf1 +a +mx 
include:marketheroSPF.smtp.com ?all

Sat 2018-12-01 20:16:00.788: 09: *  Evaluating +a: no match
Sat 2018-12-01 20:16:00.793: 09: *  Evaluating +mx: match
Sat 2018-12-01 20:16:00.793: 09: *  Result: pass
Sat 2018-12-01 20:16:00.793: 09:  End SPF results
Sat 2018-12-01 20:16:00.793: 03: --> 250 2.1.0 Sender OK
Sat 2018-12-01 20:16:01.001: 02: <-- RCPT TO:
Sat 2018-12-01 20:16:01.047: 05: Performing DNS-BL lookup (173.198.27.3 
- connecting IP)

Sat 2018-12-01 20:16:01.064: 05: *  zen.spamhaus.org - passed
Sat 2018-12-01 20:16:01.301: 05: *  bl.spamcop.net - passed
Sat 2018-12-01 20:16:01.301: 05:  End DNS-BL results
Sat 2018-12-01 20:16:01.302: 03: --> 250 2.1.5 Recipient OK
Sat 2018-12-01 20:16:01.518: 02: <-- DATA
Sat 2018-12-01 20:16:01.519: 01: Creating temp file (SMTP): 
c:\mdaemon\queues\temp\md5051645.tmp

Sat 2018-12-01 20:16:01.519: 03: --> 354 Enter mail, end with .
Sat 2018-12-01 20:16:02.371: 01: Message size: 31331 bytes
Sat 2018-12-01 20:16:02.373: 10: Performing DKIM lookup
Sat 2018-12-01 20:16:02.373: 10: *  File: 
c:\mdaemon\queues\temp\md5051645.tmp
Sat 2018-12-01 20:16:02.373: 10: *  Message-ID: 
<3560106752968319675.c23ca084ce13a...@persada.id>

Sat 2018-12-01 20:16:02.373: 10: *  Result: neutral
Sat 2018-12-01 20:16:02.373: 10:  End DKIM results
Sat 2018-12-01 20:16:02.377: 19: Performing DMARC processing
Sat 2018-12-01 20:16:02.377: 19: *  File: 
c:\mdaemon\queues\temp\md5051645.tmp
Sat 2018-12-01 20:16:02.377: 19: *  Message-ID: 
<3560106752968319675.c23ca084ce13a...@persada.id>

Sat 2018-12-01 20:16:02.377: 19: *  Author domain: 4edental.com
Sat 2018-12-01 20:16:02.377: 19: *  Organizational domain: 4edental.com
Sat 2018-12-01 20:16:02.377: 19: *  Query domain: _dmarc.4edental.com
Sat 2018-12-01 20:16:02.395: 19: *    No DMARC policy record found
Sat 2018-12-01 20:16:02.395: 19: *  Action taken: none
Sat 2018-12-01 20:16:02.395: 19: *  Result: none
Sat 2018-12-01 20:16:02.395: 19:  End DMARC results
Sat 2018-12-01 20:16:02.397: 06: Passing message through AntiVirus 
(Size: 31331)...

Sat 2018-12-01 20:16:02.472: 06: *  Message is clean (no viruses found)
Sat 2018-12-01 20:16:02.472: 06:  End AntiVirus results
Sat 2018-12-01 20:16:02.472: 11: Passing message through ClamAV Plugin 
(c:\mdaemon\queues\temp\md5051645.tmp)...
Sat 2018-12-01 20:16:02.472: 11: *  Message-ID: 
<3560106752968319675.c23ca084ce13a...@persada.id>

Sat 2018-12-01 20:16:02.549: 11: *  Virus result: 0 - clean
Sat 2018-12-01 20:16:02.700: 11: Passing message through Outbreak 
Protection...
Sat 2018-12-01 20:16:02.700: 11: *  Message-ID: 
<3560106752968319675.c23ca084ce13a...@persada.id>
Sat 2018-12-01 20:16:02.700: 11: *  Reference-ID: 
str=0001.0A150207.5C028993.0015,ss=3,re=0.000,recu=0.000,reip=0.000,vtr=str,vl=0,pt=F_42288174,cl=4,cld=1,fgs=0

Sat 2018-12-01 20:16:02.700: 11: *  Virus result: 0 - Clean
Sat 2018-12-01 20:16:02.700: 11: *  Spam result: 4 - Spam (confirmed)
Sat 2018-12-01 20:16:02.700: 11: *  IWF result: 0 - Clean
Sat 2018-12-01 20:16:02.701: 11:  End Outbreak Protection results
Sat 2018-12-01 20:16:02.701: 07: Passing message through Spam Filter 
(Size: 31352)...
Sat 2018-12-01 20:16:03.342: 07: *  2.5 MDAEMON_OP_SPAM_HIGH MDaemon: 
spam/phish
Sat 2018-12-01 20:16:03.342: 07: *  0.0 HTML_MESSAGE BODY: HTML included 
in message
Sat 2018-12-01 20:16:03.342: 07: *  1.1 MIME_HTML_ONLY BODY: Message 
only has text/html MIME parts
Sat 2018-12-01 20:16:03.342: 07: *  0.7 HTML_IMAGE_ONLY_20 BODY: HTML: 
images with 1600-2000 bytes of words
Sat 2018-12-01 20:16:03.342: 07: *  0.4 RDNS_DYNAMIC Delivered to 
internal network by host with

Sat 

[mdaemon-l] Spam with double From is the latest spam trend

2018-11-26 Thread Syafril Hermansyah
On 27/11/18 11.20, Rievo Niemrod E (edp.r...@ptbmi.com) wrote:
> Good morning, Mr. Syahfril

My name is Syafril, not Syahril.

> We have updated to MD 18.5.1, and we have ticked the RFC setting.
> So what is the next step, sir?
> 
> For the spam that already came in earlier, do we need to:
> A. Block the IP in the Dynamic Blacklist
> B. Block the email address in the Sender Blacklist
> C. Or is there perhaps another way?


No need to do anything; spam of that kind will now be
rejected automatically.

-- 
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 18.5.1-64 bit
Please do not cc: or send to private mail for MDaemon issues.

Bodily exercise, when compulsory, does no harm to the body; but
knowledge which is acquired under compulsion obtains no hold on the mind.
--- Plato, The Republic






[mdaemon-l] Spam with double From is the latest spam trend

2018-11-26 Thread Rievo Niemrod E

Good morning, Mr. Syahfril


Upgrade to MD 18.5.1 and enable the "RFC standards" check.
[x] Refuse messages which violate RFC standards


We have updated to MD 18.5.1, and we have ticked the RFC setting.

So what is the next step, sir?

For the spam that already came in earlier, do we need to:
A. Block the IP in the Dynamic Blacklist
B. Block the email address in the Sender Blacklist
C. Or is there perhaps another way?


Please help, Mr. Syahfril

Thank you
Rievo

I am who I am today because of the mistakes I made yesterday.
--- The Prolific Penman






[mdaemon-l] Spam with double From is the latest spam trend

2018-11-21 Thread Syafril Hermansyah
On 19/11/18 09.36, Suzy Ariyani (s...@ptbmi.com) wrote:
> There is an email from internal, with headers like this:

> Authentication-Results: bb.ptbmi.com;
>    spf=pass smtp.mailfrom=mdt...@nobleindonesia.com;
>    dmarc=none header.from=ptbmi.com (no DMARC record);
>    iprev=pass policy.iprev=203.160.56.43 reason="white listed" (HELO
> mail.cybermega.co.id);
>    iprev=pass policy.iprev=203.160.56.43 reason="white listed" (MAIL
> mdt...@nobleindonesia.com)


This is not internal mail; it only appears to be internal.
Because this is spam mail.

> From: Ronny Triyana  
> To: y...@ptbmi.com
> Message-ID: <18514979794502917124.dbaf588047cd9...@ptbmi.com>
> Subject: =?UTF-8?B?UmVjaG51bmcgZsO8ciBaYWhsdW5nICAgdm9tIDEzIE5vdmVtYmVy?=


> Is this what is meant by email with a different DOUBLE FROM, sir?
> Email like this is DEFINITELY SPAM, right, sir? Even though a known
> email address is listed.


Yes, that is spam from an expert spammer.


> What should we do?


Upgrade to MD 18.5.1 and enable the "RFC standards" check.


https://www.mail-archive.com/mdaemon-l@dutaint.com/msg44190.html

* [20945] The options to refuse messages that are not RFC compliant or
incompatible with DMARC do additional checks for invalid syntax in the
From header.

http://mdaemon.dutaint.co.id/mdaemon/18.5/index.html?default-domain-and-servers_servers.htm

[x] Refuse messages which violate RFC standards


-- 
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 18.5.1-64 bit
Please do not cc: or send to private mail for MDaemon issues.

I am who I am today because of the mistakes I made yesterday.
--- The Prolific Penman






[mdaemon-l] Spam with double From is the latest spam trend

2018-11-21 Thread Suzy Ariyani

Good morning, Mr. Syafril..

There is an email from internal, with headers like this:

X-SPScan-Result: infected
X-SPScan-VirusName: Trojan.HCDZ-9
X-MDBadQueue-Reason: WARNING! infected with virus (Trojan.HCDZ-9)
X-MDAV-Processed: bb.ptbmi.com, Tue, 13 Nov 2018 15:44:26 +0700
Return-path: 
Authentication-Results: bb.ptbmi.com;
   spf=pass smtp.mailfrom=mdt...@nobleindonesia.com;
   dmarc=none header.from=ptbmi.com (no DMARC record);
   iprev=pass policy.iprev=203.160.56.43 reason="white listed" (HELO 
mail.cybermega.co.id);
   iprev=pass policy.iprev=203.160.56.43 reason="white listed" (MAIL 
mdt...@nobleindonesia.com)

Received-SPF: pass (bb.ptbmi.com: domain nobleindonesia.com
   designates 203.160.56.43 as permitted sender)
   receiver=bb.ptbmi.com; client-ip=203.160.56.43;
   mechanism=ip4:203.160.56.43/32; 
envelope-from="mdt...@nobleindonesia.com";

   helo=mail.cybermega.co.id;
Received: from mail.cybermega.co.id [(203.160.56.43)] by bb.ptbmi.com 
(MDaemon PRO v18.0.2)

   with ESMTPS id 20-md5063898.msg; Tue, 13 Nov 2018 15:44:25 +0700
X-Spam-Processed: bb.ptbmi.com, Tue, 13 Nov 2018 15:44:25 +0700
   (not processed: message size (114864) exceeds spam filter configured max 
size of (102400))

X-MDSPF-Result: unapproved (bb.ptbmi.com)
X-MDRemoteIP: 203.160.56.43
X-MDHelo: mail.cybermega.co.id
X-MDArrival-Date: Tue, 13 Nov 2018 15:44:25 +0700
X-Rcpt-To: y...@ptbmi.com
X-MDRcpt-To: y...@ptbmi.com
X-Return-Path: mdt...@nobleindonesia.com
X-Envelope-From: mdt...@nobleindonesia.com
X-MDaemon-Deliver-To: bsd.y...@ptbmi.com
X-CAV-Result: clean
Received: from localhost (localhost [127.0.0.1])
   by mail.cybermega.co.id (Postfix) with ESMTP id 8E05B40367D3F
   for ; Tue, 13 Nov 2018 15:43:19 +0700 (WIB)
Received: from mail.cybermega.co.id ([127.0.0.1])
   by localhost (mail.cybermega.co.id [127.0.0.1]) (amavisd-new, port 
10032)

   with ESMTP id tiYSpgKSBHtL for ;
   Tue, 13 Nov 2018 15:43:18 +0700 (WIB)
Received: from localhost (localhost [127.0.0.1])
   by mail.cybermega.co.id (Postfix) with ESMTP id B533B40369060
   for ; Tue, 13 Nov 2018 15:43:18 +0700 (WIB)
X-Virus-Scanned: amavisd-new at cybermega.co.id
Received: from mail.cybermega.co.id ([127.0.0.1])
   by localhost (mail.cybermega.co.id [127.0.0.1]) (amavisd-new, port 
10026)

   with ESMTP id alt4XFBpGrPF for ;
   Tue, 13 Nov 2018 15:43:18 +0700 (WIB)
Received: from 10.6.21.115 (unknown [113.105.120.66])
   by mail.cybermega.co.id (Postfix) with ESMTPSA id 79AAC403698C5
   for ; Tue, 13 Nov 2018 15:43:16 +0700 (WIB)
Date: Tue, 13 Nov 2018 16:44:15 +0800
From: Ronny Triyana  
To: y...@ptbmi.com
Message-ID: <18514979794502917124.dbaf588047cd9...@ptbmi.com>
Subject: =?UTF-8?B?UmVjaG51bmcgZsO8ciBaYWhsdW5nICAgdm9tIDEzIE5vdmVtYmVy?=
MIME-Version: 1.0
Content-Type: multipart/mixed; 
boundary="=_Part_49698_3508543199.41991822312867918266"

X-MDArchive-Copy: 1

Is this what is meant by email with a different DOUBLE FROM, sir?
Email like this is DEFINITELY SPAM, right, sir? Even though a known email
address is listed.


Action:
What should we do?
1. Block the IP? Which IP?
2. Block the email sender?

Please enlighten us..

thanks
Suzy






[mdaemon-l] Spam email reaching the inbox

2018-11-12 Thread Syafril Hermansyah
On 12/11/18 16.09, Anjas Wahyu N (an...@inticipta.co.id) wrote:
>> 17.5.3 cannot yet reject that type of spam.
>>
> Understood, sir. Thank you very much for your help. So the only solution
> is to upgrade the version, right, sir?


Yes.

Spam with double From or double Subject is the latest spam trend.




-- 
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 18.5.1-64 bit Beta RC1
Please do not cc: or send to private mail for MDaemon issues.

The life so short, the craft so long to learn.
--- Hippocrates

















[mdaemon-l] Spam email reaching the inbox

2018-11-12 Thread Anjas Wahyu N
>
> 17.5.3 cannot yet reject that type of spam.
>

Understood, sir. Thank you very much for your help. So the only solution
is to upgrade the version, right, sir?



[mdaemon-l] Spam email reaching the inbox

2018-11-12 Thread Syafril Hermansyah
On 12/11/18 15.28, Anjas Wahyu Nurhayanto (an...@inticipta.co.id) wrote:
>> http://mdaemon.dutaint.co.id/mdaemon/18.5/index.html?default-domain-and-servers_servers.htm
>>
>>
>> [x] Refuse messages which violate RFC standards
> After checking, this option is already ticked in our MDaemon, version
> 17.5.3


17.5.3 cannot yet reject that type of spam.


Refuse messages which violate RFC standards

Enable this option if you wish to reject messages during the SMTP
process that are not compliant to RFC internet standards. To pass the
compliance test the message must:

1.Be greater than 32 bytes in size (the minimum size necessary to
include all required parts).

2.Have either a FROM: or a SENDER: header.

3.Have no more than one FROM: header.

4.Have no more than one SUBJECT: header, though no subject header is
required.
---

Di MD 18.5 melakukan verifikasi berdasar RFC-5322 (terbaru).

https://www.ietf.org/rfc/rfc5322.txt


-- 
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 18.5.1-64 bit Beta RC1
Harap tidak cc: atau kirim ke private mail untuk masalah MDaemon.

Never give up on anything.
If you fail, try, try and try again.
You are learning the best ways of doing things.
--- Lailah Gifty Akita
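
The four checks quoted from the MDaemon documentation in the message above can be reproduced offline to see which rule a captured message trips. This is an added example, not part of the original post and not MDaemon's own code; the function name, the violation labels and the sample messages are constructed for illustration.

```python
from email import message_from_bytes

MIN_SIZE = 32  # documented rule 1: the message must be greater than 32 bytes


def rfc_violations(raw):
    """Return the documented compliance rules that a raw message breaks.

    An empty list means the message passes all four checks.
    """
    violations = []
    if len(raw) <= MIN_SIZE:
        violations.append("size")

    # The parser stops reading headers at the first blank line, so a
    # "From:" line inside the body is never counted as a header, and a
    # folded header (continuation line starting with a space) counts once.
    msg = message_from_bytes(raw)
    n_from = len(msg.get_all("From", []))      # names match case-insensitively
    n_sender = len(msg.get_all("Sender", []))
    n_subject = len(msg.get_all("Subject", []))

    if n_from == 0 and n_sender == 0:
        violations.append("no-from-or-sender")   # rule 2
    if n_from > 1:
        violations.append("multiple-from")       # rule 3
    if n_subject > 1:
        violations.append("multiple-subject")    # rule 4
    return violations


# Constructed sample messages (not taken from the thread).
SAMPLES = {
    "compliant": b"From: Alice\r\n <alice@example.com>\r\nTo: bob@example.net\r\n"
                 b"Subject: Order receipt\r\n\r\nFrom: body text, not a header\r\n",
    "double-from": b"From: Alice <alice@example.com>\r\nFROM: <billing@example.org>\r\n"
                   b"To: bob@example.net\r\nSubject: Order receipt\r\n\r\nbody\r\n",
    "double-subject": b"From: alice@example.com\r\nSubject: Order receipt\r\n"
                      b"Subject: Invoice attached\r\n\r\nbody\r\n",
    "sender-only": b"Sender: list@example.org\r\nTo: bob@example.net\r\n\r\n"
                   b"no subject is fine\r\n",
    "no-originator": b"To: bob@example.net\r\nSubject: hello there\r\n\r\nbody text\r\n",
    "tiny": b"From: a@b.c\r\n\r\nx\r\n",
}


def report(samples=SAMPLES):
    """Run every sample through the checks and return {name: violations}."""
    return {name: rfc_violations(raw) for name, raw in samples.items()}


if __name__ == "__main__":
    for name, result in report().items():
        print(f"{name:15} {'PASS' if not result else 'REJECT: ' + ', '.join(result)}")
```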



[mdaemon-l] spam email arriving in inbox

2018-11-12 Thread Anjas Wahyu Nurhayanto
> Enable the RFC compliant check.
>
> http://mdaemon.dutaint.co.id/mdaemon/18.5/index.html?default-domain-and-servers_servers.htm
>
>
> [x] Refuse messages which violate RFC standards

After checking, this option is already ticked on our MDaemon, at version 17.5.3


-- 
Warm Regards,

Anjas

[mdaemon-l] spam email arriving in inbox

2018-11-11 Thread Syafril Hermansyah
On 12/11/18 12.54, Anjas Wahyu Nurhayanto (an...@inticipta.co.id) wrote:
> our client received several spam emails with the following headers:
> 


> From: Pratiwi  


This is the latest kind of spam (double From), which can only be handled
in MD 18.5.0 and above.

Enable the RFC compliant check.

http://mdaemon.dutaint.co.id/mdaemon/18.5/index.html?default-domain-and-servers_servers.htm


[x] Refuse messages which violate RFC standards



-- 
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 18.5.1-64 bit Beta RC1
Please do not cc: or send to private mail for MDaemon issues.

Many people do not realize that to become a good leader one must
actually have proven oneself as someone who has been
led.
--- Dahlan Iskan



[mdaemon-l] spam email arriving in inbox

2018-11-11 Thread Anjas Wahyu Nurhayanto
Dear Mr. Syafril,

our client received several spam emails with the following headers:

Return-path: 
Authentication-Results: aksball.co.id;
    spf=pass smtp.mailfrom=ccarra...@sica.co.cr;
    dmarc=fail header.from=walkbrains.com (p=none sampling=21 pct=100);
    iprev=pass policy.iprev=190.10.11.40 (PTR urano.rolosa.com);
    iprev=pass policy.iprev=190.10.11.40 (HELO urano.rolosa.com);
    iprev=pass policy.iprev=190.10.11.40 (MAIL ccarra...@sica.co.cr)
Received-SPF: pass (aksball.co.id: domain sica.co.cr
    designates 190.10.11.40 as permitted sender)
    receiver=aksball.co.id; client-ip=190.10.11.40;
    mechanism=mx; envelope-from="ccarra...@sica.co.cr";
    helo=urano.rolosa.com;
Received: from urano.rolosa.com (urano.rolosa.com [190.10.11.40]) by aksball.co.id
    with ESMTP id md5135889.msg; Fri, 09 Nov 2018 10:51:53 +0700
X-Spam-Level:
X-Spam-Status: No, score=-100.00 required=5.0
X-Spam-Report:
    * -100 USER_IN_WHITELIST From: address is in the whitelist
    *  0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail
    *  domains are different
X-Spam-Processed: aksball.co.id, Fri, 09 Nov 2018 10:51:53 +0700
    (processed during SMTP session)
X-MDSPF-Result: unapproved (aksball.co.id)
X-MDRemoteIP: 190.10.11.40
X-MDHelo: urano.rolosa.com
X-MDArrival-Date: Fri, 09 Nov 2018 10:51:53 +0700
X-Rcpt-To: b...@aksball.co.id
X-MDRcpt-To: b...@aksball.co.id
X-Return-Path: ccarra...@sica.co.cr
X-Envelope-From: ccarra...@sica.co.cr
X-MDaemon-Deliver-To: b...@aksball.co.id
Received: from 10.0.36.31 (unknown [121.139.238.2])
    by urano.rolosa.com (Postfix) with ESMTPSA id 7E80C160DA51
    for ; Thu,  8 Nov 2018 21:51:39 -0600 (CST)
Date: Fri, 09 Nov 2018 12:51:36 +0900
From: Pratiwi  
To: b...@aksball.co.id
Message-ID: <42404651163015818723.8334fb9a152b0...@aksball.co.id>
Subject: Pratiwi: Order receipt #6851
MIME-Version: 1.0
Content-Type: multipart/mixed;
    boundary="=_Part_57455_2289270072.12240930603599388054"
X-PPP-Message-ID: <20181109035141.22739.1387@localhost.localdomain>
X-PPP-Vhost: sica.co.cr


We would appreciate your advice and input so that we no longer receive
such emails. Thank you very much.


-- 
Warm Regards,

Anjas

[mdaemon-l] Spam to the kompastv domain

2018-08-09 Thread Syafril Hermansyah
On 09/08/18 12:09, Ahmad Ardiansyah (ardiansyah.em...@gmail.com) wrote:
> we are getting spam with this log:
> 
> Thu 2018-08-09 04:49:34.362: [315122] Session 315122; child 0002
> Thu 2018-08-09 04:49:34.362: [315122] Accepting SMTP connection from
> 192.168.51.1:34178  to 10.8.40.3:25
> 


The reason so much spam is getting in is that the firewall was changed again from
PAT to NAT.
Wasn't this already fixed last month?

https://www.mail-archive.com/mdaemon-l@dutaint.com/msg42737.html

> Wed 2018-02-07 11:17:01.396: [088755] Accepting SMTP connection from
> 106.10.242.139:39770 to 10.0.0.6:25
> Wed 2018-02-07 11:17:01.478: [088755] --> 250-mail.kompas.tv Hello
> sonic302-19.consmr.mail.sg3.yahoo.com [106.10.242.139], pleased to meet you
^^
PAT was already in use, so the sender's original IP was visible

> what should we do other than blacklisting that 
> domain.


Fix the firewall settings again so that it uses PAT rather than NAT, so that
the IP-based antispam/antirelay in MDaemon works normally.





-- 
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 18.0.2-64 bit
Please do not cc: or send to private mail for MDaemon issues.

It is not that I'm so smart. But I stay with the questions much longer.
--- Albert Einstein
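
The symptom discussed in the message above, inbound sessions logged with a private peer address instead of the sender's public one, can be spotted in an SMTP-in log by looking for a single private address that announces several different EHLO names. This is an added example, not part of the original post; the regular expressions follow the log lines quoted in the thread (one entry per line, as in the log file rather than the wrapped e-mail), and the function names, the threshold and the sample log are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# RFC 1918 private ranges, listed explicitly so that documentation
# addresses such as 203.0.113.0/24 are still treated as public peers.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

ACCEPT_RE = re.compile(
    r"\[(\d+)\] Accepting SMTP connection from "
    r"(\d{1,3}(?:\.\d{1,3}){3}):\d+\s+to ")
EHLO_RE = re.compile(r"\[(\d+)\] <-- (?:EHLO|HELO) (\S+)")


def is_rfc1918(text):
    """True when text is a valid IPv4 address inside an RFC 1918 range."""
    try:
        ip = ipaddress.ip_address(text)
    except ValueError:
        return False
    return any(ip in net for net in RFC1918)


def masked_peers(log_text, min_names=2):
    """Return {private peer IP: sorted EHLO names} for peers that announced
    at least min_names different names across their sessions."""
    peer_of = {}                 # session id -> peer IP
    names = defaultdict(set)     # peer IP -> EHLO names seen
    for line in log_text.splitlines():
        m = ACCEPT_RE.search(line)
        if m:
            peer_of[m.group(1)] = m.group(2)
            continue
        m = EHLO_RE.search(line)
        if m and m.group(1) in peer_of:
            names[peer_of[m.group(1)]].add(m.group(2).lower())
    return {ip: sorted(seen) for ip, seen in names.items()
            if is_rfc1918(ip) and len(seen) >= min_names}


# Constructed sample log in the format quoted in the thread.
SAMPLE_LOG = """\
Thu 2018-08-09 04:49:34.362: [000001] Accepting SMTP connection from 192.168.51.1:34178 to 10.8.40.3:25
Thu 2018-08-09 04:49:34.543: [000001] <-- EHLO mx1.example.org
Thu 2018-08-09 04:50:10.100: [000002] Accepting SMTP connection from 192.168.51.1:34990 to 10.8.40.3:25
Thu 2018-08-09 04:50:10.300: [000002] <-- EHLO mail.example.com
Thu 2018-08-09 04:51:00.000: [000003] Accepting SMTP connection from 203.0.113.25:39770 to 10.8.40.3:25
Thu 2018-08-09 04:51:00.200: [000003] <-- EHLO mta.example.net
Thu 2018-08-09 04:52:00.000: [000004] Accepting SMTP connection from 203.0.113.25:39771 to 10.8.40.3:25
Thu 2018-08-09 04:52:00.200: [000004] <-- EHLO mta2.example.net
Thu 2018-08-09 04:53:00.000: [000005] Accepting SMTP connection from 10.8.40.20:50000 to 10.8.40.3:25
Thu 2018-08-09 04:53:00.200: [000005] <-- EHLO pc20.lan.example
"""

if __name__ == "__main__":
    for ip, seen in masked_peers(SAMPLE_LOG).items():
        print(f"{ip} hides {len(seen)} different senders: {', '.join(seen)}")
```

A private peer with a single EHLO name (an internal client or relay) is left out by the default threshold, which keeps ordinary LAN submissions from being reported.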



[mdaemon-l] Spam to the kompastv domain

2018-08-08 Thread Ahmad Ardiansyah
Mr. Syafril,

we are getting spam with this log:

Thu 2018-08-09 04:49:32.428: --
Thu 2018-08-09 04:49:34.362: [315122] Session 315122; child 0002
Thu 2018-08-09 04:49:34.362: [315122] Accepting SMTP connection from
192.168.51.1:34178 to 10.8.40.3:25
Thu 2018-08-09 04:49:34.364: [315122] --> 220 mail.kompas.tv ESMTP MDaemon
17.0.2; Thu, 09 Aug 2018 04:49:34 +0700
Thu 2018-08-09 04:49:34.543: [315122] <-- EHLO mx1.hussong.biz
Thu 2018-08-09 04:49:34.543: [315122] --> 250-mail.kompas.tv Hello
mx1.hussong.biz [192.168.51.1], pleased to meet you
Thu 2018-08-09 04:49:34.543: [315122] --> 250-ETRN
Thu 2018-08-09 04:49:34.543: [315122] --> 250-AUTH LOGIN CRAM-MD5 PLAIN
Thu 2018-08-09 04:49:34.543: [315122] --> 250-8BITMIME
Thu 2018-08-09 04:49:34.543: [315122] --> 250-ENHANCEDSTATUSCODES
Thu 2018-08-09 04:49:34.543: [315122] --> 250 SIZE 2048
Thu 2018-08-09 04:49:34.722: [315122] <-- MAIL FROM:
SIZE=2232 BODY=7BIT
Thu 2018-08-09 04:49:34.723: [315122] --> 250 2.1.0 Sender OK
Thu 2018-08-09 04:49:34.902: [315122] <-- RCPT TO:
Thu 2018-08-09 04:49:34.903: [315122] --> 250 2.1.5 Recipient OK
Thu 2018-08-09 04:49:35.081: [315122] <-- RCPT TO:
Thu 2018-08-09 04:49:35.088: [315122] --> 250 2.1.5 Recipient OK
Thu 2018-08-09 04:49:35.269: [315122] <-- RCPT TO:
Thu 2018-08-09 04:49:35.344: [315122] --> 250 2.1.5 Recipient OK
Thu 2018-08-09 04:49:35.523: [315122] <-- DATA
Thu 2018-08-09 04:49:35.524: [315122] Creating temp file (SMTP):
c:\mdaemon\queues\temp\md5108616.tmp
Thu 2018-08-09 04:49:35.524: [315122] --> 354 Enter mail, end with
.
Thu 2018-08-09 04:49:35.757: [315122] Message size: 2231 bytes
Thu 2018-08-09 04:49:35.767: [315122] Passing message through AntiVirus
(Size: 2231)...
Thu 2018-08-09 04:49:35.776: [315122] *  Message is clean (no viruses found)
Thu 2018-08-09 04:49:35.776: [315122]  End AntiVirus results
Thu 2018-08-09 04:49:35.893: [315122] Passing message through Outbreak
Protection...
Thu 2018-08-09 04:49:35.893: [315122] *  Message-ID: <
e77c86d6-b5d1-4b2f-bd0f-1648940c2...@dehemm.net>
Thu 2018-08-09 04:49:35.894: [315122] *  Reference-ID:
str=0001.0A150209.5B6B657C.0070,ss=1,re=0.000,recu=0.000,reip=0.000,cl=1,cld=1,fgs=0
Thu 2018-08-09 04:49:35.894: [315122] *  Virus result: 0 - Clean
Thu 2018-08-09 04:49:35.894: [315122] *  Spam result: 1 - Clean
Thu 2018-08-09 04:49:35.894: [315122] *  IWF result: 0 - Clean
Thu 2018-08-09 04:49:35.894: [315122]  End Outbreak Protection results
Thu 2018-08-09 04:49:35.895: [315122] Passing message through Spam Filter
(Size: 2231)...
Thu 2018-08-09 04:49:35.957: [315122] *  0.0 HTML_MESSAGE BODY: HTML
included in message
Thu 2018-08-09 04:49:35.957: [315122] *  1.6 FORGED_MUA_MOZILLA Forged mail
pretending to be from Mozilla
Thu 2018-08-09 04:49:35.957: [315122]  End SpamAssassin results
Thu 2018-08-09 04:49:35.957: [315122] Spam Filter score/req: 1.60/12.0
Thu 2018-08-09 04:49:35.959: [315122] Message creation successful:
c:\mdaemon\queues\inbound\md50001876777.msg
Thu 2018-08-09 04:49:35.959: [315122] --> 250 2.6.0 Ok, message saved
>
Thu 2018-08-09 04:49:36.137: [315122] <-- QUIT
Thu 2018-08-09 04:49:36.137: [315122] --> 221 2.0.0 See ya in cyberspace
Thu 2018-08-09 04:49:36.137: [315122] SMTP session successful (Bytes
in/out: 2411/509)
Thu 2018-08-09 04:49:36.137: --

What should we do other than blacklisting that
domain? Thank you.

Regards,
ardiansyah


[mdaemon-l] Spam email

2018-05-30 Thread Syafril Hermansyah
On 30/05/18 14:48, Heryanto (herya...@dima.co.id) wrote:
> We would like to ask about spam email, and we attach the log
> below.


> Tue 2018-05-29 00:00:28.383: [613307] *  From: irvan.gusti...@dima.co.id
> 
> Tue 2018-05-29 00:00:28.383: [613307] *  To: volkmarpe...@yahoo.de
> 
> Tue 2018-05-29 00:00:28.383: [613307] *  Message-ID: 
> <1122920144.20185281...@yahoo.de>



This is not a case of receiving spam mail; rather, the account irvan.gusti...@dima.co.id
has been hijacked and is being used by a spammer to send spam mail.
It is also strange that an account can still be hijacked when Geo Location Screening
has been enabled.
Or were geo location and dynamic screening deliberately not enabled?

https://www.mail-archive.com/mdaemon-l@dutaint.com/msg42884.html

If they are indeed still enabled, check the smtp-in log to see who the sender of the
mail transaction above is, or which IP it came from.


BTW, why are you no longer using the smarthost smtp.antispamcloud.com?

>  the connection Connection established 116.254.100.37:61769 --> 188.125.69.79:25 
> what does port 61769 mean?

Port 61769 is an ephemeral port, also known as a dynamic port.

https://en.wikipedia.org/wiki/Ephemeral_port

It is used by applications to implement multi session/multi tasking (1
port can handle many session connections at the same time).




-- 
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 18.0.2-64 bit Beta A
Please do not cc: or send to private mail for MDaemon issues.

There are three kinds of men. The ones that learn by readin’. The few
who learn by observation.
The rest of them have to pee on the electric fence for themselves.
--- Will Rogers



[mdaemon-l] Spam email

2018-05-30 Thread Heryanto
Dear Mr. Syafril,

We would like to ask about spam email, and we attach the log
below.

Our question is how to block spam email, Mr. Syafril, and we would also like to
ask about the connection "Connection established 116.254.100.37:61769
--> 188.125.69.79:25": what does port 61769 mean?

Tue 2018-05-29 00:00:28.382: [613307] Session 613307; child 0020

Tue 2018-05-29 00:00:28.382: [613307] Parsing message


Tue 2018-05-29 00:00:28.383: [613307] *  From: irvan.gusti...@dima.co.id

Tue 2018-05-29 00:00:28.383: [613307] *  To: volkmarpe...@yahoo.de

Tue 2018-05-29 00:00:28.383: [613307] *  Subject: Fakturierung 41492278333

Tue 2018-05-29 00:00:28.383: [613307] *  Size (bytes): 1253

Tue 2018-05-29 00:00:28.383: [613307] *  Message-ID:
<1122920144.20185281...@yahoo.de>

Tue 2018-05-29 00:00:28.406: [613307] Resolving MX record for yahoo.de (DNS
Server: 116.254.101.2)...

Tue 2018-05-29 00:00:28.413: [613307] *  P=010 S=000 D=yahoo.de TTL=(13)
MX=[mx-eu.mail.am0.yahoodns.net]

Tue 2018-05-29 00:00:28.413: [613307] Attempting SMTP connection to
mx-eu.mail.am0.yahoodns.net

Tue 2018-05-29 00:00:28.413: [613307] Resolving A record for
mx-eu.mail.am0.yahoodns.net (DNS Server: 116.254.101.2)...

Tue 2018-05-29 00:00:28.419: [613307] *  D=mx-eu.mail.am0.yahoodns.net
TTL=(47) A=[188.125.69.79]

Tue 2018-05-29 00:00:28.419: [613307] Attempting SMTP connection to
188.125.69.79:25

Tue 2018-05-29 00:00:28.420: [613307] Waiting for socket connection...

Tue 2018-05-29 00:00:28.679: [613307] *  Connection established
116.254.100.37:61769 --> 188.125.69.79:25

Tue 2018-05-29 00:00:28.679: [613307] Waiting for protocol to start...

Tue 2018-05-29 00:00:28.937: [613307] <-- 220 mta1157.mail.ir2.yahoo.com
ESMTP ready

Tue 2018-05-29 00:00:28.937: [613307] --> EHLO mail.dima.co.id

Tue 2018-05-29 00:00:29.194: [613307] <-- 250-mta1157.mail.ir2.yahoo.com

Tue 2018-05-29 00:00:29.194: [613307] <-- 250-PIPELINING

Tue 2018-05-29 00:00:29.194: [613307] <-- 250-SIZE 41943040

Tue 2018-05-29 00:00:29.194: [613307] <-- 250-8BITMIME

Tue 2018-05-29 00:00:29.194: [613307] <-- 250 STARTTLS

Tue 2018-05-29 00:00:29.194: [613307] --> STARTTLS

Tue 2018-05-29 00:00:29.453: [613307] <-- 220 2.0.0 Start TLS

Tue 2018-05-29 00:00:30.016: [613307] SSL negotiation successful (TLS 1.2,
256 bit key exchange, 128 bit AES encryption)

Tue 2018-05-29 00:00:30.017: [613307] SSL certificate is valid (matches
mx-eu.mail.am0.yahoodns.net and is signed by recognized CA)

Tue 2018-05-29 00:00:30.017: [613307] --> EHLO mail.dima.co.id

Tue 2018-05-29 00:00:30.275: [613307] <-- 250-mta1157.mail.ir2.yahoo.com

Tue 2018-05-29 00:00:30.275: [613307] <-- 250-PIPELINING

Tue 2018-05-29 00:00:30.275: [613307] <-- 250-SIZE 41943040

Tue 2018-05-29 00:00:30.275: [613307] <-- 250 8BITMIME

Tue 2018-05-29 00:00:30.275: [613307] --> MAIL
From: SIZE=1253

Tue 2018-05-29 00:00:32.087: [613307] <-- 421 4.7.0 [TSS04] Messages from
116.254.100.37 temporarily deferred due to user complaints - 4.16.55.1; see
https://help.yahoo.com/kb/postmaster/SLN3434.html

Tue 2018-05-29 00:00:32.087: [613307] --> QUIT

Tue 2018-05-29 00:00:32.087: [613307] *  This message is 54 minutes old; it
has 6 minutes left in this queue

Tue 2018-05-29 00:00:32.087: [613307] SMTP session terminated (Bytes in/out:
400/303)

 

 

Tue 2018-05-29 00:00:28.339: [613332] Session 613332; child 0017

Tue 2018-05-29 00:00:28.339: [613332] Parsing message


Tue 2018-05-29 00:00:28.340: [613332] *  From: stella.va...@dima.co.id

Tue 2018-05-29 00:00:28.340: [613332] *  To: heikesiep...@yahoo.de

Tue 2018-05-29 00:00:28.340: [613332] *  Subject: UPS Shipment Notification

Tue 2018-05-29 00:00:28.340: [613332] *  Size (bytes): 1591

Tue 2018-05-29 00:00:28.340: [613332] *  Message-ID:
<54101068722.2018528155...@yahoo.de>

Tue 2018-05-29 00:00:28.384: [613332] Resolving MX record for yahoo.de (DNS
Server: 116.254.101.2)...

Tue 2018-05-29 00:00:28.407: [613332] *  P=010 S=000 D=yahoo.de TTL=(13)
MX=[mx-eu.mail.am0.yahoodns.net]

Tue 2018-05-29 00:00:28.407: [613332] Attempting SMTP connection to
mx-eu.mail.am0.yahoodns.net

Tue 2018-05-29 00:00:28.407: [613332] Resolving A record for
mx-eu.mail.am0.yahoodns.net (DNS Server: 116.254.101.2)...

Tue 2018-05-29 00:00:28.414: [613332] *  D=mx-eu.mail.am0.yahoodns.net
TTL=(47) A=[188.125.69.79]

Tue 2018-05-29 00:00:28.414: [613332] Attempting SMTP connection to
188.125.69.79:25

Tue 2018-05-29 00:00:28.414: [613332] Waiting for socket connection...

Tue 2018-05-29 00:00:28.679: [613332] *  Connection established
116.254.100.37:61760 --> 188.125.69.79:25

Tue 2018-05-29 00:00:28.679: [613332] Waiting for protocol to start...

Tue 2018-05-29 00:00:28.944: [613332] <-- 220 mta1163.mail.ir2.yahoo.com
ESMTP ready

Tue 2018-05-29 00:00:28.944: [613332] --> EHLO mail.dima.co.id

Tue 2018-05-29 00:00:29.209: [613332] <-- 250-mta1163.mail.ir2.yahoo.com

Tue 2018-05-29 00:00:29.209: [613332] <-- 250-PIPELINING

Tue 2018-05-29 00:00:29.209: 

[mdaemon-l] spam or not?

2018-05-10 Thread Syafril Hermansyah

On Wed, 09 May 2018 15:04:48 +, "Syafril Hermansyah
(syaf...@dutaint.co.id)"  wrote:

> On May 9, 2018 2:07:10 PM UTC, "Thariq Basyir (thariqbas...@gmail.com)"
>  wrote:
> 
> >
> >[x] From Header Modification

> Our server has had that feature enabled since using MD 18.0 beta; it has
> no effect on mail processing speed.


I have had it enabled since MD 18.0 because the format has changed.
In MD 17.5.x or earlier the format was different.

From: "mail...@example.com (Sender's Name)" 

whereas in MD 18.0

From: "Sender's Name (mail...@example.com)" .

 
-- 
syafril
--
Syafril Hermansyah


